Cloudsmith

The Cloudsmith Developer Hub

Welcome to the Cloudsmith developer hub. You'll find comprehensive guides and documentation to help you start working with Cloudsmith as quickly as possible, as well as support if you get stuck. Let's jump right in!

Get Started    

Hall of Fame

Suggest Edits

The security hall of fame represents a list of security researchers who have provided qualifying exploit information for actual/tangible security risks against the Cloudsmith service itself (i.e. not third party services). Each entry represents a separate report for a particular exploit that was reported along with its final status, ordered by the date the exploit was reported in reverse chronological order. A description of the fields is provided below the table.

Cloudsmith thanks the following security researchers:

Date
Reporter
Severity
Classification
Status

2020-02-24

Abhilash P K

HIGH

Server-Side Request Forgery (SSRF)

Fixed (2020-02-24)

2019-09-18

Kunal Mhaske

LOW

Session Management

Fixed (2019-10-15)

2018-11-24

B.Dhiyaneshwaran

LOW

Flood Attack

Fixed (2018-11-25)

2018-07-26

Abdelali Khalfi

HIGH

Subdomain Takeover

Fixed (2018-07-30)

2017-08-08

Suyog Palav

MEDIUM

Brute Force / Flood Attack

Fixed (2017-08-19)

2017-05-31

Amal Jacob

MEDIUM

Hyperlink Injection

Fixed (2017-08-11)

2017-06-07

Amal Jacob

MEDIUM

Tab URI Hijack

Fixed (2017-08-11)

2017-05-20

Yaroslav Olejnik

HIGH

Cross-Site Scripting (XSS)

Fixed (2017-05-23)

2017-05-17

Amal Jacob

MEDIUM

Information Disclosure

Fixed (2017-05-17)

2017-05-16

Pethuraj M

LOW

Brute Force Attack

Fixed (2017-05-16)

2017-05-10

Amal Jacob

MEDIUM

Hyperlink Injection

Fixed (2017-05-16)

2017-03-21

Evan Ricafort

LOW

Cross-Site Scripting (XSS)

Fixed (2017-03-29)

2017-02-26

Amal Jacob

MEDIUM

Brute Force Attack

Fixed (2017-03-29)

2017-02-26

Amal Jacob

MEDIUM

Brute Force Attack

Fixed (2017-03-29)

2017-02-02

Nitin Goplani

MEDIUM

Decompression Bomb

Fixed (2017-02-06)

2017-02-02

Nitin Goplani

MEDIUM

Open Redirect

Fixed (2017-02-06)

2017-01-07

Harry M. Gertos

LOW

Subdomain Takeover

Fixed (2017-01-12)

2016-12-10

Harry M. Gertos

MEDIUM

Cross-Site Scripting (XSS)

Fixed (2017-02-06)

Date:

This is the date that the exploit was reported to Cloudsmith.

Reporter:

This is attribution to the security researcher that reported the exploit, along with a link to the profile location of their choosing. If the researcher wishes to remain anonymous or would prefer to use a pseudonym instead of a real name, then this will be marked as such.

Severity:

The severity for an exploit (if disclosed) will be determined based on a combination of impact (the damage that it can cause if exploited) and the likelihood that it will be exploited (how easy is it to actually perform the exploit). We will follow the OWASP Risk Rating Methodology when determining this and will assign a LOW, MEDIUM or HIGH severity rating.

Classification:

The classification for an exploit will follow the general categories for qualifying information as outlined in the Security Policy. If the category doesn't fit but is still determined to be qualifying information then we will either add an additional category or use a catch-all "Other" classification. Prior to full disclosure valid reports will be reported as "Not Disclosed Yet".

Status:

This is the status of the exploit. If the exploit was fixed then this will be "Fixed" along with the date that the exploit was negated. If the fix was determined as "No Fix Needed" but the exploit was still acknowledged in this table (most likely because the exploit either didn't pose a viable security risk or was extremely difficult to implement, or was prior to the security policy explicitly excluding an element related to the exploit) then this will be marked as such.

Updated 11 days ago

Hall of Fame

Suggested Edits are limited on API Reference Pages

You can only suggest edits to Markdown body content, but not to the API spec.