If you discover a security vulnerability in this project, we appreciate your help in disclosing it to us responsibly.
Please do not report security vulnerabilities through public GitHub issues. Instead, please report security vulnerabilities using one of the following methods:
1. GitHub Private Vulnerability Reporting Send a private message to the repository maintainer(s) via GitHub. This keeps the vulnerability confidential while we work on a fix.
2. Escalation: Community Slack If you do not receive a timely response, or if the issue is time-sensitive, you can reach out to the maintainer(s) directly via the BloodHound Gang Slack.
3. Last resort: Email For sensitive matters or if the above channels are unavailable, you can email us at community[@]specterops.io.
When reporting a vulnerability, please include:
- Description of the vulnerability
- Steps to reproduce the issue
- Potential impact of the vulnerability
- Any suggested fixes (if applicable)
- We request that you do not publicly disclose the vulnerability until we have had a chance to address it
- Once a fix is available, we will coordinate with you on the timing of public disclosure
- We will credit you for the discovery (unless you prefer to remain anonymous)
Unless stated otherwise, only the latest version is supported. Refer to this project's documentation for more information about supported versions.