CSRF in AppSearch allows creation of "curations"
👉 https://hackerone.com/reports/1477050
🔹 Severity: Medium | 💰 833 USD
🔹 Reported To: Elastic
🔹 Reported By: #dee-see
🔹 State: 🟢 Resolved
🔹 Disclosed: November 17, 2022, 1:26pm (UTC)
👉 https://hackerone.com/reports/1477050
🔹 Severity: Medium | 💰 833 USD
🔹 Reported To: Elastic
🔹 Reported By: #dee-see
🔹 State: 🟢 Resolved
🔹 Disclosed: November 17, 2022, 1:26pm (UTC)
Directory Listing at https://█.█.█.█
👉 https://hackerone.com/reports/1771051
🔹 Severity: Low
🔹 Reported To: 8x8
🔹 Reported By: #shuvam321
🔹 State: 🟢 Resolved
🔹 Disclosed: November 18, 2022, 1:49am (UTC)
👉 https://hackerone.com/reports/1771051
🔹 Severity: Low
🔹 Reported To: 8x8
🔹 Reported By: #shuvam321
🔹 State: 🟢 Resolved
🔹 Disclosed: November 18, 2022, 1:49am (UTC)
Default password on 34.120.209.175
👉 https://hackerone.com/reports/1415241
🔹 Severity: Medium | 💰 245 USD
🔹 Reported To: Elastic
🔹 Reported By: #newspaper
🔹 State: 🟢 Resolved
🔹 Disclosed: November 18, 2022, 8:14am (UTC)
👉 https://hackerone.com/reports/1415241
🔹 Severity: Medium | 💰 245 USD
🔹 Reported To: Elastic
🔹 Reported By: #newspaper
🔹 State: 🟢 Resolved
🔹 Disclosed: November 18, 2022, 8:14am (UTC)
LOGJ4 VUlnerability [HtUS]
👉 https://hackerone.com/reports/1624137
🔹 Severity: Critical | 💰 1,000 USD
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #fklet
🔹 State: 🟢 Resolved
🔹 Disclosed: November 18, 2022, 6:07pm (UTC)
👉 https://hackerone.com/reports/1624137
🔹 Severity: Critical | 💰 1,000 USD
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #fklet
🔹 State: 🟢 Resolved
🔹 Disclosed: November 18, 2022, 6:07pm (UTC)
Reflected XSS | https://████████
👉 https://hackerone.com/reports/1736433
🔹 Severity: Medium
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #x3ph_
🔹 State: 🟢 Resolved
🔹 Disclosed: November 18, 2022, 6:33pm (UTC)
👉 https://hackerone.com/reports/1736433
🔹 Severity: Medium
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #x3ph_
🔹 State: 🟢 Resolved
🔹 Disclosed: November 18, 2022, 6:33pm (UTC)
Reflected XSS | https://████
👉 https://hackerone.com/reports/1736432
🔹 Severity: Medium
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #x3ph_
🔹 State: 🟢 Resolved
🔹 Disclosed: November 18, 2022, 6:34pm (UTC)
👉 https://hackerone.com/reports/1736432
🔹 Severity: Medium
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #x3ph_
🔹 State: 🟢 Resolved
🔹 Disclosed: November 18, 2022, 6:34pm (UTC)
IDOR on ███████ [HtUS]
👉 https://hackerone.com/reports/1627974
🔹 Severity: Medium
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #nightm4re
🔹 State: 🟢 Resolved
🔹 Disclosed: November 18, 2022, 6:36pm (UTC)
👉 https://hackerone.com/reports/1627974
🔹 Severity: Medium
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #nightm4re
🔹 State: 🟢 Resolved
🔹 Disclosed: November 18, 2022, 6:36pm (UTC)
Open Redirect at █████
👉 https://hackerone.com/reports/1634105
🔹 Severity: Medium
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #angeltsvetkov
🔹 State: 🟢 Resolved
🔹 Disclosed: November 18, 2022, 6:37pm (UTC)
👉 https://hackerone.com/reports/1634105
🔹 Severity: Medium
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #angeltsvetkov
🔹 State: 🟢 Resolved
🔹 Disclosed: November 18, 2022, 6:37pm (UTC)
Reflected XSS in chatbot
👉 https://hackerone.com/reports/1735622
🔹 Severity: Medium
🔹 Reported To: MTN Group
🔹 Reported By: #roland_hack
🔹 State: 🟢 Resolved
🔹 Disclosed: November 19, 2022, 3:56pm (UTC)
👉 https://hackerone.com/reports/1735622
🔹 Severity: Medium
🔹 Reported To: MTN Group
🔹 Reported By: #roland_hack
🔹 State: 🟢 Resolved
🔹 Disclosed: November 19, 2022, 3:56pm (UTC)
No rate limiting for Remove Account lead to huge Mass mailings
👉 https://hackerone.com/reports/1723445
🔹 Severity: No Rating
🔹 Reported To: Weblate
🔹 Reported By: #tanvir_0x
🔹 State: 🟢 Resolved
🔹 Disclosed: November 20, 2022, 9:08am (UTC)
👉 https://hackerone.com/reports/1723445
🔹 Severity: No Rating
🔹 Reported To: Weblate
🔹 Reported By: #tanvir_0x
🔹 State: 🟢 Resolved
🔹 Disclosed: November 20, 2022, 9:08am (UTC)
Dependecy Confusion via Lookup Request Forwarding to PyPi.org
👉 https://hackerone.com/reports/1681275
🔹 Severity: No Rating
🔹 Reported To: GitLab
🔹 Reported By: #usd-responsible-disclosure
🔹 State: ⚪️ Informative
🔹 Disclosed: November 21, 2022, 3:49am (UTC)
👉 https://hackerone.com/reports/1681275
🔹 Severity: No Rating
🔹 Reported To: GitLab
🔹 Reported By: #usd-responsible-disclosure
🔹 State: ⚪️ Informative
🔹 Disclosed: November 21, 2022, 3:49am (UTC)
Open redirect that can lead to malicious websites
👉 https://hackerone.com/reports/1771749
🔹 Severity: No Rating
🔹 Reported To: AMBER AI
🔹 Reported By: #mrdot404
🔹 State: ⚪️ Informative
🔹 Disclosed: November 21, 2022, 7:24am (UTC)
👉 https://hackerone.com/reports/1771749
🔹 Severity: No Rating
🔹 Reported To: AMBER AI
🔹 Reported By: #mrdot404
🔹 State: ⚪️ Informative
🔹 Disclosed: November 21, 2022, 7:24am (UTC)
Support Portal Takeover via Leaked API KEY
👉 https://hackerone.com/reports/1766228
🔹 Severity: High | 💰 1,500 USD
🔹 Reported To: AMBER AI
🔹 Reported By: #khizer47
🔹 State: 🟢 Resolved
🔹 Disclosed: November 22, 2022, 9:55am (UTC)
👉 https://hackerone.com/reports/1766228
🔹 Severity: High | 💰 1,500 USD
🔹 Reported To: AMBER AI
🔹 Reported By: #khizer47
🔹 State: 🟢 Resolved
🔹 Disclosed: November 22, 2022, 9:55am (UTC)
DoS via Automatic Response Message
👉 https://hackerone.com/reports/1680241
🔹 Severity: Medium | 💰 300 USD
🔹 Reported To: Mattermost
🔹 Reported By: #vultza
🔹 State: 🟢 Resolved
🔹 Disclosed: November 23, 2022, 2:55pm (UTC)
👉 https://hackerone.com/reports/1680241
🔹 Severity: Medium | 💰 300 USD
🔹 Reported To: Mattermost
🔹 Reported By: #vultza
🔹 State: 🟢 Resolved
🔹 Disclosed: November 23, 2022, 2:55pm (UTC)
DoS via Playbook
👉 https://hackerone.com/reports/1685979
🔹 Severity: Medium | 💰 300 USD
🔹 Reported To: Mattermost
🔹 Reported By: #vultza
🔹 State: 🟢 Resolved
🔹 Disclosed: November 23, 2022, 2:55pm (UTC)
👉 https://hackerone.com/reports/1685979
🔹 Severity: Medium | 💰 300 USD
🔹 Reported To: Mattermost
🔹 Reported By: #vultza
🔹 State: 🟢 Resolved
🔹 Disclosed: November 23, 2022, 2:55pm (UTC)
RubyのCGIライブラリにHTTPレスポンス分割(HTTPヘッダインジェクション)があり、秘密情報が漏洩する
👉 https://hackerone.com/reports/1204695
🔹 Severity: High
🔹 Reported To: Ruby
🔹 Reported By: #htokumaru
🔹 State: 🟢 Resolved
🔹 Disclosed: November 24, 2022, 1:46am (UTC)
👉 https://hackerone.com/reports/1204695
🔹 Severity: High
🔹 Reported To: Ruby
🔹 Reported By: #htokumaru
🔹 State: 🟢 Resolved
🔹 Disclosed: November 24, 2022, 1:46am (UTC)
👍1
CGI::Cookieクラスにおけるセキュリティ上好ましくない仕様および実装
👉 https://hackerone.com/reports/1204977
🔹 Severity: Low
🔹 Reported To: Ruby
🔹 Reported By: #htokumaru
🔹 State: 🟢 Resolved
🔹 Disclosed: November 24, 2022, 1:47am (UTC)
👉 https://hackerone.com/reports/1204977
🔹 Severity: Low
🔹 Reported To: Ruby
🔹 Reported By: #htokumaru
🔹 State: 🟢 Resolved
🔹 Disclosed: November 24, 2022, 1:47am (UTC)
XSS in Desktop Client in the notifications
👉 https://hackerone.com/reports/1668028
🔹 Severity: Low | 💰 750 USD
🔹 Reported To: Nextcloud
🔹 Reported By: #mikeisastar
🔹 State: 🟢 Resolved
🔹 Disclosed: November 25, 2022, 11:29am (UTC)
👉 https://hackerone.com/reports/1668028
🔹 Severity: Low | 💰 750 USD
🔹 Reported To: Nextcloud
🔹 Reported By: #mikeisastar
🔹 State: 🟢 Resolved
🔹 Disclosed: November 25, 2022, 11:29am (UTC)
XSS in Desktop Client via user status and information
👉 https://hackerone.com/reports/1707977
🔹 Severity: Low
🔹 Reported To: Nextcloud
🔹 Reported By: #mikeisastar
🔹 State: 🟢 Resolved
🔹 Disclosed: November 25, 2022, 3:44pm (UTC)
👉 https://hackerone.com/reports/1707977
🔹 Severity: Low
🔹 Reported To: Nextcloud
🔹 Reported By: #mikeisastar
🔹 State: 🟢 Resolved
🔹 Disclosed: November 25, 2022, 3:44pm (UTC)
XSS in Desktop Client in call notification popup
👉 https://hackerone.com/reports/1711847
🔹 Severity: Low
🔹 Reported To: Nextcloud
🔹 Reported By: #mikeisastar
🔹 State: 🟢 Resolved
🔹 Disclosed: November 25, 2022, 3:45pm (UTC)
👉 https://hackerone.com/reports/1711847
🔹 Severity: Low
🔹 Reported To: Nextcloud
🔹 Reported By: #mikeisastar
🔹 State: 🟢 Resolved
🔹 Disclosed: November 25, 2022, 3:45pm (UTC)
SSRF - pivoting in the private LAN
👉 https://hackerone.com/reports/1364797
🔹 Severity: Low
🔹 Reported To: Concrete CMS
🔹 Reported By: #adrian_t
🔹 State: 🟢 Resolved
🔹 Disclosed: November 25, 2022, 5:20pm (UTC)
👉 https://hackerone.com/reports/1364797
🔹 Severity: Low
🔹 Reported To: Concrete CMS
🔹 Reported By: #adrian_t
🔹 State: 🟢 Resolved
🔹 Disclosed: November 25, 2022, 5:20pm (UTC)