Encrypted e-mail
Report your findings to us via encrypted e-mail. Use IncaMailTarget not accessible to do so.
If you have any questions about IncaMail, you can find more information here.
Online form
Please report your findings to us using the form below.
Classifying severity
- Critical: Exploitation of the finding compromises the application, the system or the voting process severly. The exploitation is straightforward to set up.
- High: Exploitation of the finding could potentially compromise the application, the system or the voting process. The exploitation is hard to set up.
- Medium: The exploitation of the finding provides limited non-critical access. The exploitation of the finding requires the attacker to have privileges, to social engineer or reside in a local network. The exploitation is very difficult to set up.
- Low: Exploitation of the finding has a very little impact on the application, the system or the voting process. Findings that have no direct impact for the application, system or voting process also fall into this category. (e.g. typos in the GitLab Markdowns)