[Critical vulnerability] Cocoon server was hacked


Hi. I’m a web security researcher.
Recently I discovered a critical vulnerability on the cocoon.io website.
I wrote a report and sent it to all the addresses of the company that I found. It was September 8, 2017.
So far I have not received an answer. Until now, the vulnerability has not been fixed.
As a result, anyone can get passwords to databases, secret keys for AWS S3, GitHub, Google, Braintree Payments, etc. Your private data and the source code of your applications are in danger.
I inform the community in order to draw the developers’ attention to this situation.
Waiting for a response from the cocoon management.
My email: artem.moskowsky@gmail.com
Sorry for my English.


Hello @artem.moskowsky,

Thank you very much for your report on our site. We are very sorry we didn’t answer you earlier, as this is a very serious concern of our team. We are currently having a meeting about this issue and we will send you an email with a follow-up on the situation.

Thank you very much for your help and patience,
the Cocoon team.

