Created clean installation of Phabricator from GitHub on latest Debian stable as part of bug bounty work (Detailed records kept if required).
Email is not configured.
If I add an SSH key to an account this is not added to the account activity log.
not recorded here:
I’ve filed this as a Bug, but strictly it would be an “enhancement” or a “question”, e.g. what is the purpose of the Activity Log? I assume it is to provide information about whether the user account is compromised, or there is suspicion about inappropriate activity. If so, then manipulation of a user’s SSH keys would seem to be a likely change of interest, but that may not be the intended purpose.
Also shout if this isn’t the best forum, as I have other observations that individually don’t merit a HackerOne report, but fall out of looking at what the code does with a security hat on, but I’m still mastering the various applications.
Phabricator Version Information
| phabricator | 3e38579feea3 | Mon, Feb 8 |
| arcanist | f501f85eb8bf | Wed, Feb 10 |
Other Version Information