u/webnestify

CVSS-10 in a vendor's template catalog, no security contact. Pressure-test my disclosure plan.

First disclosure I've run at this severity. I want to get the process right, not learn it the hard way. Looking for people who've run vendor disclosures to push back on the plan below.

What I found: CVSS 10.0 in a vendor's automated provisioning. Unauthenticated remote, full data compromise, plausible RCE. Default-credentials class, not a novel exploit. The fix on their end is roughly one line per template.

What makes it worse: the same pattern shows up across multiple templates I checked. Looks systemic to how that class of templates is generated, not one bad apple. The affected population is anyone who provisioned from those templates. They were exposed from the moment of deployment, with nothing flagging the issue. Patching the templates only protects new deployments. Every existing instance stays exposed until someone individually remediates it.

Constraints:

  • No security.txt, no security contact, no bounty. General support email and a ticket system only.
  • Reported through their available channels, flagging that it looks catalog-wide rather than a single template. Treating this as the start of a coordinated process.
  • Working PoC. Nothing published.

My plan if they don't engage:

  1. Re-report through every channel with a dated acknowledgment window.
  2. If the window lapses with no response: publish an advisory with vuln class and remediation only. No PoC, no exploit code. Request a CVE via MITRE since the vendor isn't a CNA.
  3. Hold the full writeup and PoC until a fix has shipped and existing exposed deployments have been addressed.

Questions for people who've run vendor disclosures:

  1. When the defect is systemic and existing deployments stay exposed regardless of the template fix, is "advisory with remediation, no PoC" the right balance? Or does protecting that population justify going further, or pulling back?
  2. What's a defensible acknowledgment window for a vendor with no security program, and how do you document good-faith contact so it holds up if it gets contentious later?
  3. How do you push a vendor to audit a whole catalog rather than patch only the one template you named, without handing them an excuse to stall?
  4. MITRE as CNA-of-last-resort when the affected party isn't a CNA: realistic path, and does MITRE want a public reference at submission time?
  5. Anything in this plan that would make someone experienced wince?

Keeping the vendor, components, and specific templates out of it while remediation is in progress. This is a process question, not an attempt to crowdsource an ID. Tell me what I'm missing.

Thanks a lot for your time.

u/webnestify — 3 days ago

The Perfect (almost) Ossobuco | First time ever

https://preview.redd.it/pa8agmowpn0h1.jpg?width=2040&format=pjpg&auto=webp&s=65326d473964f947a190d1b188b6f427c9cff568

Hey.

This was my first ever sous vide Ossobuco meal I made and wanted to share it with you.

Here is the recipe:

Ingredients

  • 1 ossobuco pieces (~600g each)
  • 15 ml extra virgin olive oil
  • 2 garlic cloves, smashed
  • 1 red onion, diced small
  • 1 carrot
  • 1 celery stalk, diced small
  • 6 cherry tomatoes, halved
  • 15 ml tomato paste
  • 1 fresh thyme sprig
  • 1 fresh rosemary sprig
  • 5 ml Worcestershire sauce
  • salt
  • black pepper (I used red Kampot pepper)
  • 1 lemon, zested and juiced
  • bunch of fresh parsley
  • 2 garlic cloves, finely minced (for gremolata)

Steps:

Prep the meat: Pat the ossobuco (~600g each) completely dry with paper towel. Season generously with salt and black pepper.

Step 1 - Season the meat

Sear the ossobuco 2-3 minutes per side, both flat faces and the edges, until deep brown. Don't move them while searing. Set aside to cool.

Step 2 - Sear the meat

Cook the aromatics (veggies) in the same pan with the fond, then add the tomato puree and a splash of umami boost: LP Worcestershire sauce and a touch of Dark Mushrooms Soy Sauce.

Step 3 - Mise en place veggies

Step 3 - Fond base after searing

Step 3 - Deglaze the pan

Step 3 - Umami Boost

Make the Gremolata: Finely chop fresh parsley, zest 1 lemon and squeeze lemon juice. Add olive oil, salt and garlic.

Submerge bags in the 72°C/162°F bath for 48 hours.

Step 4 - Let it cook!

Final plate:

Final plate

To be honest, the meat was falling apart, but it was a bit dry to my taste. I was expecting something juicier. Not sure if that is because of the 72°C/162°F temp or the time.

What do you think? Did I get it right? Thanks a lot.

u/webnestify — 10 days ago

Hello.

I am quite new to the BBQ world and have also just got into sous vide lately. I would like your insights and help with the proper process for getting Thor's Hammer done right.

My marinade: coated with LP Worcestershire sauce, Argentinian beef rub and a bunch of fresh herbs: sage, thyme and rosemary. It's now in the freezer, but I'm doing this beast next week.

Since I am doing this for the first time ever, and some online recipes say to do at least 48 hours at 74 °C / 165 °F and then smoke it for at least 3 hours. What do you think? Is this correct, or do you have experience with it yourself to help me get this done right, please?

I have a Weber Master Touch 57 kettle.

Much appreciation for all of your answers and your time checking this out.

Simon

u/webnestify — 14 days ago
▲ 946 r/linuxadmin+2 crossposts

New Linux kernel LPE (Dirty Frag) — no patch yet, here's the workaround

⚠️ New kernel vulnerability called Dirty Frag was publicly disclosed about 2 hours ago. Universal Linux LPE, same family as Dirty Pipe and copy.fail. Affects basically every kernel from 2017 onwards. PoC is already public.

It's local-only, so nothing on the internet pops you with this directly. The risk is if anything else on the box gets compromised first (vulnerable service, leaked SSH key, container escape, whatever), this turns that into full root. Definitely worth caring about for any homelab that runs services for anyone other than yourself.

There's no upstream patch yet. The embargo got broken before distros could prep fixes, so right now it's just a kernel-module workaround. About 30 seconds, no reboot:

cat <<EOF | sudo tee /etc/modprobe.d/disable-dirtyfrag.conf
install esp4 /bin/false
install esp6 /bin/false
install rxrpc /bin/false
EOF
sudo modprobe -r esp4 esp6 rxrpc 2>/dev/null
sudo sync && echo 3 | sudo tee /proc/sys/vm/drop_caches

Check it worked:

lsmod | grep -E '^(esp4|esp6|rxrpc)' && echo "STILL EXPOSED" || echo "PROTECTED"

Undo it later when the proper patch is out:

sudo rm /etc/modprobe.d/disable-dirtyfrag.conf

Caveat: this disables IPsec ESP and RxRPC kernel modules. If you're running IPsec on the box (strongSwan, libreswan, etc.), skip it and wait for the upstream fix. Tailscale, WireGuard, OpenVPN are not affected.

Writeup with all the technical details: github.com/V4bel/dirtyfrag
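The one-liner above only tells you whether esp4, esp6 and rxrpc are loaded right now; it says nothing about whether the modprobe.d rule is actually in place to stop them being auto-loaded later, and it cannot see modules that are compiled into the kernel, which lsmod never lists and which the workaround cannot block. The script below is an added example, not part of the post or the dirtyfrag writeup: it checks all three conditions per module from a config file, lsmod output and the kernel's modules.builtin list, so it can be exercised on constructed input and then run live. It assumes the config path from the post (/etc/modprobe.d/disable-dirtyfrag.conf) and the standard /lib/modules/$(uname -r)/modules.builtin location.

```shell
#!/bin/sh
# Added example: verify the Dirty Frag modprobe workaround from the post holds.
# Assumptions: config at /etc/modprobe.d/disable-dirtyfrag.conf (the path the
# post uses; override with DIRTYFRAG_CONF), built-in module list at
# /lib/modules/$(uname -r)/modules.builtin. Not the dirtyfrag project's code.

WORKAROUND_MODULES="esp4 esp6 rxrpc"

# conf_blocks_module CONF MODULE -> 0 if CONF carries "install MODULE /bin/false",
# i.e. modprobe will refuse to auto-load the module on demand.
conf_blocks_module() {
    conf="$1"; mod="$2"
    [ -r "$conf" ] || return 1
    grep -Eq "^[[:space:]]*install[[:space:]]+${mod}[[:space:]]+/bin/false([[:space:]]|$)" "$conf"
}

# loaded_from_lsmod LSMOD_TEXT MODULE -> 0 if MODULE appears in lsmod output
# (first column, header line skipped).
loaded_from_lsmod() {
    printf '%s\n' "$1" | awk -v m="$2" 'NR > 1 && $1 == m { found = 1 } END { exit found ? 0 : 1 }'
}

# builtin_from_list BUILTIN_TEXT MODULE -> 0 if MODULE is compiled into the kernel.
# modules.builtin lists entries like kernel/net/ipv4/esp4.ko; such code can be
# neither unloaded nor blocked by modprobe.d, so the workaround does not apply.
builtin_from_list() {
    printf '%s\n' "$1" | grep -Eq "/${2}\.ko$"
}

# assess CONF LSMOD_TEXT BUILTIN_TEXT -> prints one status line per module and
# returns 0 only when every module is not built in, not loaded, and blocked.
assess() {
    conf="$1"; lsmod_text="$2"; builtin_text="$3"; rc=0
    for mod in $WORKAROUND_MODULES; do
        status="PROTECTED"
        if builtin_from_list "$builtin_text" "$mod"; then
            status="BUILT-IN (workaround cannot apply, wait for the kernel fix)"; rc=1
        elif loaded_from_lsmod "$lsmod_text" "$mod"; then
            status="STILL LOADED (modprobe -r it)"; rc=1
        elif ! conf_blocks_module "$conf" "$mod"; then
            status="NOT BLOCKED (will auto-load on first IPsec/RxRPC use)"; rc=1
        fi
        printf '%s: %s\n' "$mod" "$status"
    done
    return $rc
}

# run_live -> assess this host using the real config, lsmod and modules.builtin.
run_live() {
    conf="${DIRTYFRAG_CONF:-/etc/modprobe.d/disable-dirtyfrag.conf}"
    builtin_list="/lib/modules/$(uname -r)/modules.builtin"
    builtin_text=""
    [ -r "$builtin_list" ] && builtin_text=$(cat "$builtin_list")
    assess "$conf" "$(lsmod 2>/dev/null)" "$builtin_text"
}

# Only touch the live host when explicitly asked: DIRTYFRAG_LIVE=1 sh check.sh
if [ "${DIRTYFRAG_LIVE:-0}" = 1 ]; then
    run_live
fi
```

Run it with `DIRTYFRAG_LIVE=1 sh check.sh`; a non-zero exit means at least one module is still loaded, still auto-loadable, or built in, and the per-module line says which. The built-in case is the one the post's lsmod check silently passes: on such a kernel the modprobe.d rule does nothing and the only remediation is the upstream patch.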

u/webnestify — 14 days ago
▲ 1 r/BBQ

Hello.

I am quite new to the BBQ world and have also just got into sous vide lately. I would like your insights and help with the proper process for getting Thor's Hammer done right.

My marinade: coated with LP Worcestershire sauce, Argentinian beef rub and a bunch of fresh herbs: sage, thyme and rosemary. It's now in the freezer, but I'm doing this beast next week.

Vacuum sealed with fresh herbs.

Since I am doing this for the first time ever, and some online recipes say to do at least 48 hours at 74 °C / 165 °F and then smoke it for at least 3 hours. What do you think? Is this correct, or do you have experience with it yourself to help me get this done right, please?

I have a Weber Master Touch 57 kettle.

Much appreciation for all of your answers and your time checking this out.

Simon
