---
name: Security Vulnerability
about: Report a security vulnerability
title: '[SECURITY] '
labels: ['security', 'needs-triage']
assignees: ''
---
## Security Vulnerability Report
⚠️ **IMPORTANT**: This template is for reporting security vulnerabilities. For general security questions or best practices, please use the regular bug report template.
## Vulnerability Description
A clear and concise description of the security vulnerability.
## Severity Assessment
Please indicate the severity level:
- [ ] **Critical**: Remote code execution, privilege escalation, data breach
- [ ] **High**: Authentication bypass, unauthorized access, data exposure
- [ ] **Medium**: Information disclosure, denial of service
- [ ] **Low**: Minor security improvements, hardening opportunities
## Affected Components
- [ ] SSH client implementation
- [ ] Policy engine
- [ ] Configuration handling
- [ ] Docker container
- [ ] MCP protocol handling
- [ ] Other: _______________
## Steps to Reproduce
1. Describe the vulnerable configuration or setup
2. Provide steps to trigger the vulnerability
3. Explain what sensitive information or access is exposed
## Impact
Describe the potential impact of this vulnerability:
- What data could be compromised?
- What systems could be affected?
- What are the potential attack vectors?
## Suggested Fix
If you have suggestions for how to fix this vulnerability, please describe them here.
## Responsible Disclosure
- [ ] I understand this is a security vulnerability and will not publicly disclose details until a fix is available
- [ ] I agree to work with the maintainers to coordinate disclosure
- [ ] I have not shared this information publicly
## Contact Information
Please provide a secure way to contact you for follow-up:
- Email: [your-email@example.com]
- PGP Key: [if you have one]
- Other: [secure communication method]
## Additional Context
Add any other context about the vulnerability here.
---
**Note**: For non-security bugs, please use the regular bug report template instead.