...
Downstream stakeholders notification email:
This is an advance warning of a vulnerability discovered in
ONAP, to give you, as downstream stakeholders, a chance to
coordinate the release of fixes and reduce the vulnerability window.
Please treat the following information as confidential until the
proposed public disclosure date.
$DESCRIPTION
Proposed patch:
See attached patches. Unless a flaw is discovered in them, these
patches will be merged to their corresponding branches on the public
disclosure date.
CVE: $CVE
Proposed public disclosure date/time:
$DISCLOSURE, 1400UTC
Please do not make the issue public (or release public patches)
before this coordinated embargo date.
Original private report:
{jira_issue_url}
For access to read and comment on this report, please reply to me
with your jira username and I will subscribe you.
--
{onap_vulnerability_sub-committee_member},
on behalf of the ONAP vulnerability sub-committee
Security issue available in public (not reported privately)
Message should be signed.
- Subject: [pre-OSA] Vulnerability in ONAP $PROJECT ($CVE) has been disclosed
Downstream stakeholders notification email:
This is a warning of a vulnerability discovered in ONAP and published
without prior reporting to the ONAP Vulnerability management subcommittee.
We will do our best to provide a fix as soon as possible, but until then
please be aware of the following issue:
$DESCRIPTION
Proposed patch:
There is no patch yet.
Proposed mitigations:
{mitigations if possible}
CVE: $CVE
Public bug report:
{jira_issue_url}
--
{onap_vulnerability_sub-committee_member},
on behalf of the ONAP vulnerability sub-committee
Security issue available in public (reported privately)
Message should be signed.
- Subject: [pre-OSA] Vulnerability in ONAP $PROJECT ($CVE) has been leaked
Downstream stakeholders notification email:
This is a warning of a vulnerability discovered in ONAP and leaked
before our coordinated disclosure.
We will do our best to provide a fix as soon as possible, but until then
please be aware of the following issue:
$DESCRIPTION
Proposed patch:
{link to patch if any}
Proposed mitigations:
{mitigations if possible and no patch proposed}
CVE: $CVE
Public bug report:
{jira_issue_url}
--
{onap_vulnerability_sub-committee_member},
on behalf of the ONAP vulnerability sub-committee
ONAP Security Advisories (OSA)
...