As this is not a vulnerability but a bug with some security implication, there is no need to keep this private.
As this is not a vulnerability but a bug with some security implication, there is no need to keep this private.