Reports in the GSA bounty program:

| S.No | Title | Bounty |
|---|---|---|
| 1 | CI for [example.gov] can be logged in and accessed | $2,000 |
| 2 | HTML injection (with XSS possible) on https://www.data.gov/issue/ using the media_url attribute | $900 |
| 3 | Defacement of catalog.data.gov via web cache poisoning to stored DOM XSS | $750 |
| 4 | Stealing users' OAuth tokens through the redirect_uri parameter | $750 |
| 5 | HTTP Request Smuggling on https://labs.data.gov | $750 |
| 6 | [IDOR] An authenticated user can restart the website build or view build logs on any other Federalist account | $350 |
| 7 | A user who was removed from the GitHub organization can still access all Federalist functions if they did not log out | $300 |
| 8 | Double stored cross-site scripting in the admin panel | $300 |
| 9 | Reflected XSS on data.gov (WAF bypass + Chrome XSS Auditor bypass + works in all browsers) | $300 |
| 10 | Cross-Site Request Forgery on the Federalist API (all endpoints), using a Flash file on the attacker's host | $300 |
| 11 | Blind stored XSS in "Report a Problem" on www.data.gov/issue/ | $300 |
| 12 | SSRF/XSPA in labs.data.gov/dashboard/validate | $300 |
| 13 | Limited LFI | $300 |
| 14 | Blind SSRF on the https://labs.data.gov/dashboard/Campaign/json_status/ endpoint | $300 |
| 15 | The Federalist session cookie (federalist.sid) is not properly invalidated; backdoor access to the account is possible | $150 |
| 16 | Race condition on the Federalist API endpoints can lead to denial of service | $150 |
| 17 | Information disclosure (system username) in the x-amz-meta-s3cmd-attrs response header on federation.data.gov | $150 |
| 18 | [idp.fr.cloud.gov] Open redirect | $150 |
| 19 | Link poisoning on the https://secure.login.gov/ login page | $150 |
| 20 | Subdomain takeover due to an unclaimed domain pointing to AWS | $150 |
| 21 | SSRF in Search.gov via the ?url= parameter | $150 |
| 22 | Open redirect in eb9f.pivcac.prod.login.gov | $150 |
| 23 | federalist.18f.gov vulnerable to the Sweet32 attack | $0 |
| 24 | {REDACTED}.data.gov subdomain takeover | $0 |
| 25 | Subdomain takeover of {REDACTED}.18f.gov | $0 |
| 26 | Email spoofing: SPF record set to Neutral | $0 |
| 27 | Email spoofing: SPF record set to Neutral | $0 |
| 28 | Server-side misconfiguration (email spoofing) | $0 |
| 29 | [api.data.gov] Leaks a valid API without verification | $0 |
| 30 | Homograph attack | $0 |
| 31 | CSRF to change account security keys on secure.login.gov | $0 |
| 32 | CSRF in generating a new personal key | $0 |
| 33 | Error page content spoofing or text injection | $0 |
| 34 | 2FA bypass: confirmation tokens don't expire | $0 |
| 35 | Subdomain takeover | $0 |
| 36 | SSH server compatible with several vulnerable cryptographic algorithms | $0 |
| 37 | Redirect on authorization allows account compromise | $0 |
| 38 | Multiple bugs in the api.data.gov/signup endpoint allow sending custom messages to anyone | $0 |
| 39 | SQL injection in https://labs.data.gov/dashboard/datagov/csv_to_json via User-Agent | $0 |
| 40 | Root user disclosure in the data.gov domain through the x-amz-meta-s3cmd-attrs header | $0 |
| 41 | Unclaimed GitHub repository takeover on https://www.data.gov/labs | $0 |
| 42 | Nginx misconfiguration leading to direct PHP source code download | $0 |
| 43 | Improper session management can cause account takeover [https://micropurchase.18f.gov] | $0 |
| 44 | Information disclosure (system username, server info) in the x-amz-meta-s3cmd-attrs response header on data.gov | $0 |
| 45 | xmlrpc.php file enabled on data.gov | $0 |
| 46 | Content injection via URL parameter | $0 |
| 47 | Cache poisoning DoS to various TTS assets | $0 |
| 48 | WordPress users disclosure (/wp-json/wp/v2/users/) on data.gov | $0 |
| 49 | Denial of service via cache poisoning on https://www.data.gov/ | $0 |