If you have information about a security issue or vulnerability in O3DE, please send the vulnerability report via e-mail to security@o3de.org.
NOTE: Please avoid creating GitHub issues, unless the vulnerability is already publicly disclosed, for example it has been reported in the National Vulnerability Database.
The vulnerability report should include as much detail as possible, including:
-
All relevant fields from the O3DE standard issue template.
-
A detailed description of the vulnerability we can use to reproduce your findings.
-
A definition of who can exploit this vulnerability and what they would gain.
-
Information about any known exploits.
A member of the SIG-Security Issue Response Team will review your e-mail and contact you to collaborate on resolving the issue.
For more details, please refer to the Security Documentation for O3DE.