XSS in ZenTao integration affecting self hosted instances without strict CSP
👉 https://hackerone.com/reports/1542510
🔹 Severity: High | 💰 13,950 USD
🔹 Reported To: GitLab
🔹 Reported By: #joaxcar
🔹 State: 🟢 Resolved
🔹 Disclosed: September 22, 2022, 9:10am (UTC)
Regex account takeover
👉 https://hackerone.com/reports/1581059
🔹 Severity: Critical
🔹 Reported To: Rocket.Chat
🔹 Reported By: #ghaem51
🔹 State: 🟢 Resolved
🔹 Disclosed: September 22, 2022, 4:00pm (UTC)
Persistent CSS injection with ’marked’ markdown parser in Rocket.Chat
👉 https://hackerone.com/reports/1401268
🔹 Severity: High
🔹 Reported To: Rocket.Chat
🔹 Reported By: #danieljpp
🔹 State: 🟢 Resolved
🔹 Disclosed: September 22, 2022, 4:00pm (UTC)
It is possible to elevate privileges for any authenticated user to view permissions matrix and view Direct messages without appropriate permissions.
👉 https://hackerone.com/reports/917946
🔹 Severity: Medium
🔹 Reported To: Rocket.Chat
🔹 Reported By: #garretby
🔹 State: 🟢 Resolved
🔹 Disclosed: September 22, 2022, 4:00pm (UTC)
getUserMentionsByChannel leaks messages with mention from private channel
👉 https://hackerone.com/reports/1410246
🔹 Severity: Medium
🔹 Reported To: Rocket.Chat
🔹 Reported By: #gronke
🔹 State: 🟢 Resolved
🔹 Disclosed: September 22, 2022, 4:01pm (UTC)
Bypass local authentication (PIN code)
👉 https://hackerone.com/reports/1126414
🔹 Severity: Medium
🔹 Reported To: Rocket.Chat
🔹 Reported By: #dago_669
🔹 State: 🟢 Resolved
🔹 Disclosed: September 22, 2022, 4:01pm (UTC)
Unintended information disclosure in the Hubot Log files
👉 https://hackerone.com/reports/1394399
🔹 Severity: Medium
🔹 Reported To: Rocket.Chat
🔹 Reported By: #rolfzur
🔹 State: 🟢 Resolved
🔹 Disclosed: September 22, 2022, 4:01pm (UTC)
REST API gets `query` as parameter and executes it
👉 https://hackerone.com/reports/1140631
🔹 Severity: Medium
🔹 Reported To: Rocket.Chat
🔹 Reported By: #paulocsanz
🔹 State: 🟢 Resolved
🔹 Disclosed: September 22, 2022, 4:02pm (UTC)
Message ID Enumeration with Action Link Handler
👉 https://hackerone.com/reports/1406953
🔹 Severity: Medium
🔹 Reported To: Rocket.Chat
🔹 Reported By: #gronke
🔹 State: 🟢 Resolved
🔹 Disclosed: September 22, 2022, 4:02pm (UTC)
TOTP 2 Factor Authentication Bypass
👉 https://hackerone.com/reports/1448268
🔹 Severity: Medium
🔹 Reported To: Rocket.Chat
🔹 Reported By: #gronke
🔹 State: 🟢 Resolved
🔹 Disclosed: September 22, 2022, 4:02pm (UTC)
getRoomRoles Method leaks Channel Owner
👉 https://hackerone.com/reports/1447440
🔹 Severity: Medium
🔹 Reported To: Rocket.Chat
🔹 Reported By: #gronke
🔹 State: 🟢 Resolved
🔹 Disclosed: September 22, 2022, 4:03pm (UTC)
NoSQL-Injection discloses S3 File Upload URLs
👉 https://hackerone.com/reports/1458020
🔹 Severity: Medium
🔹 Reported To: Rocket.Chat
🔹 Reported By: #gronke
🔹 State: 🟢 Resolved
🔹 Disclosed: September 22, 2022, 4:03pm (UTC)
API route chat.getThreadsList leaks private message content
👉 https://hackerone.com/reports/1446767
🔹 Severity: Medium
🔹 Reported To: Rocket.Chat
🔹 Reported By: #gronke
🔹 State: 🟢 Resolved
🔹 Disclosed: September 22, 2022, 4:03pm (UTC)
Message ID Enumeration with Regular Expression in getReadReceipts Meteor method
👉 https://hackerone.com/reports/1377105
🔹 Severity: Medium
🔹 Reported To: Rocket.Chat
🔹 Reported By: #gronke
🔹 State: 🟢 Resolved
🔹 Disclosed: September 22, 2022, 4:03pm (UTC)
Rocket.chat user info security issue
👉 https://hackerone.com/reports/1517377
🔹 Severity: Medium
🔹 Reported To: Rocket.Chat
🔹 Reported By: #mikolajczak
🔹 State: 🟢 Resolved
🔹 Disclosed: September 22, 2022, 4:04pm (UTC)
getUsersOfRoom discloses users in private channels
👉 https://hackerone.com/reports/1410357
🔹 Severity: Medium
🔹 Reported To: Rocket.Chat
🔹 Reported By: #gronke
🔹 State: 🟢 Resolved
🔹 Disclosed: September 22, 2022, 4:04pm (UTC)
Unauthenticated IP allowlist bypass when accessing job artifacts through gitlab pages at `{group_id}.gitlab.io`
👉 https://hackerone.com/reports/1591412
🔹 Severity: Medium | 💰 1,990 USD
🔹 Reported To: GitLab
🔹 Reported By: #joaxcar
🔹 State: 🟢 Resolved
🔹 Disclosed: September 22, 2022, 9:31pm (UTC)
Content injection in Jira issue script enabling sending arbitrary POST request as victim
👉 https://hackerone.com/reports/1533976
🔹 Severity: High | 💰 8,690 USD
🔹 Reported To: GitLab
🔹 Reported By: #joaxcar
🔹 State: 🟢 Resolved
🔹 Disclosed: September 22, 2022, 9:32pm (UTC)
Open Redirect on www.redditinc.com via `failed` query param
👉 https://hackerone.com/reports/1257753
🔹 Severity: Medium | 💰 500 USD
🔹 Reported To: Reddit
🔹 Reported By: #lu3ky-13
🔹 State: 🟢 Resolved
🔹 Disclosed: September 22, 2022, 11:27pm (UTC)
com.basecamp.bc3 Webview JavaScript Injection and JS bridge takeover
👉 https://hackerone.com/reports/1343300
🔹 Severity: High | 💰 1,210 USD
🔹 Reported To: Basecamp
🔹 Reported By: #fr4via
🔹 State: 🟢 Resolved
🔹 Disclosed: September 23, 2022, 9:33am (UTC)
CVE-2022-38362: Apache Airflow Docker Provider <3.0 RCE vulnerability in example dag
👉 https://hackerone.com/reports/1671140
🔹 Severity: High | 💰 4,000 USD
🔹 Reported To: Internet Bug Bounty
🔹 Reported By: #happyhacking123
🔹 State: 🟢 Resolved
🔹 Disclosed: September 23, 2022, 5:16pm (UTC)