# OpenBMC Security Advisory Template

This has guidelines for OpenBMC repository maintainers to follow when creating
new draft GitHub security advisories as part of the [Security response team guidelines][].

Note that the sections under the "Description" section are intended for the
security advisory "Description" field

[security response team guidelines]: ./obmc-security-response-team-guidelines.md

### Affected Product

Ecosystem: Other OpenBMC Package name: <TBD> Affected versions: 2.9 Patched
versions: <TBD>

## Severity

Assess the severity using CVSS.

## CWE

<TBD>

## CVE identifier

Please coordinate with the security response team

## Credits

Attribution to those that discovered and mitigated the vulnerability.

### Title

Title goes here...

### Description

The description will be used by vulnerability analysts and should include the
area or the function affected, and a description of the issue. There should be
enough details to differentiate this from similar problems, but not enough
detail to help an attacker exploit the problem.

### Proof Of Concept

If provided, insert proof of concept here.

### Vulnerability Description

...can cause denial of service.

### Affected Release

OpenBMC 2.9

### Fixed in Release

Please include the commit-id in the affected repo, the commit id for the
metadata, or the version number.

### Mitigation

If available, describe or provide a link to the mitigation needed until the fix
can be applied.

### For more information

If you have any questions or comments about this advisory:

- Email openbmc-security at lists.ozlabs.org