Report Security Vulnerability

Is there a responsible security vulnerability disclosure method for concerns relating to the Snap Store (Server Component) itself?

No, the world isn’t falling apart. But I wouldn’t want to discuss it too openly because the slightest hint would reveal the problem. I’ve tried looking in Launchpad but can’t even find the Snap Store listing itself (presumably, it’s private?).

Would be happy to discuss this over a PM with someone internal if needs be. This could be assessed in about 5 minutes, it’s not the end of the world, but it does need dealing with.

Try finding snap store proxy on launchpad, might help :slight_smile:

1 Like

Snap Store Server in Launchpad says it’s part of

2 Likes

Thanks both,

It’s been reported properly now, the right launchpad project appears to have been Snap Store Server in Launchpad :slight_smile:

1 Like

Would someone be able to give me a hand here, it’s been a month and the issue (reported on Launchpad under two projects) hasn’t been acknowledged in either.

Is there a better contact address I can provide LP ID’s to, to get some eyes on it?

@alexmurray might suggest you email the security team. I believe that’s the most appropriate course of action.

2 Likes

Hi @James-Carroll Apologize for the delay, we really appreciate the way your are handling the bug report.

I will reach out to the security team and let you know as soon as I get word from them.

Regards

1 Like

Thanks for the heads up on this - we will follow up via the Launchpad bug @James-Carroll

2 Likes