| # | Report title | Bounty |
|---|---|---|
| 1 | Server Side Request Forgery (SSRF) via Analytics Reports | $25000.0 |
| 2 | Account takeover via leaked session cookie | $20000.0 |
| 3 | An attacker can archive and unarchive any structured scope object on HackerOne | $12500.0 |
| 4 | View Titles of Private Reports with pending email invitation | $12500.0 |
| 5 | Partial disclosure of report activity through new "Export as .zip" feature | $10000.0 |
| 6 | Information Disclosure in /skills call | $10000.0 |
| 7 | Markdown parsing issue enables insertion of malicious tags and event handlers | $5000.0 |
| 8 | Account creation with invalid email addresses / email is accepting % and %0d%0a line termination chars | $3750.0 |
| 9 | Blind SSRF on errors.hackerone.net due to Sentry misconfiguration | $3500.0 |
| 10 | Discrepancy in hacker profile report count may reveal existence of a private program by publishing a report | $3000.0 |
| 11 | HackerOne Jira integration plugin leaked JWT to unauthorized Jira users | $3000.0 |
| 12 | Team object in GraphQL discloses team group names and permissions | $2500.0 |
| 13 | Team object in GraphQL disclosed total number of whitelisted hackers | $2500.0 |
| 14 | Proper verification is not done before sending invitations to researchers for certain private programs with rules e.g. "Participants must be US-based" | $2500.0 |
| 15 | IE only: stored Cross-Site Scripting (XSS) vulnerability through Program Asset identifier | $2500.0 |
| 16 | A user can bypass approval step in Hacker Publishing feature, allowing them to publish reports immediately | $2500.0 |
| 17 | Denial of service via cache poisoning | $2500.0 |
| 18 | Private program disclosure via vpn_suspended GraphQL query | $2500.0 |
| 19 | Unauthorized user can obtain report_sources attribute through Team GraphQL object | $2500.0 |
| 20 | Uploading large payload on domain instructions causes server-side DoS | $2500.0 |
| 21 | Near to infinite loop when changing Group's name that has API token as Team Member | $2500.0 |
| 22 | GraphQL field on Team node can be used to determine if External Program runs invite-only program | $2500.0 |
| 23 | Team object in GraphQL disclosed private_comment | $2500.0 |
| 24 | Slack integration setup lacks CSRF protection | $2500.0 |
| 25 | Partial report contents leakage - via HTTP/2 concurrent stream handling | $2500.0 |
| 26 | Disclosure of handle of private program with external link | $2500.0 |
| 27 | Triager/Team members can edit hacker's report and hacker is not even notified | $2500.0 |
| 28 | Draft report exposure via Slack alerting system for programs | $2500.0 |
| 29 | New Search Feature: Search for non-public words in limited disclosure reports | $2500.0 |
| 30 | Server Side Request Forgery (SSRF) in webhook functionality | $2500.0 |
| 31 | Possible PII Disclosure via Advanced Vetting Process - ██████ | $2500.0 |
| 32 | LLM01: Invisible Prompt Injection | $2500.0 |
| 33 | Private draft report exposure in a program a user is added as a viewer to | $2500.0 |
| 34 | A HackerOne employee's GitHub personal access token exposed in Travis CI build logs | $2000.0 |
| 35 | The request tells the number of private programs, the new system of authorization /invite/token | $2000.0 |
| 36 | Reading redacted data via hackbot's answers | $1500.0 |
| 37 | Query parameter reordering causes redirect page to render unsafe URL | $1500.0 |
| 38 | Changing Victim's JIRA Integration Settings Through Multiple Bugs | $1000.0 |
| 39 | View Any Program's Team Members through GET https://hackerone.com/invitations/ | $1000.0 |
| 40 | HackerOne Staging uses Production data for testing | $1000.0 |
| 41 | Takeover of hackerone.engineering via GitHub | $1000.0 |
| 42 | Create miscellaneous support ticket on anyone's account through [email protected] email | $1000.0 |
| 43 | Unauthorized Ticket can be created by an Attacker in user's Helpdesk account | $1000.0 |
| 44 | IE 11 Self-XSS on Jira Integration Preview Base Link | $750.0 |
| 45 | RXSS at image.hackerone.live via the url parameter | $500.01 |
| 46 | Information leakage of private program | $500.0 |
| 47 | Transitioning a Private Program to Public Does Not Clear Previously Private Updates to Hackers | $500.0 |
| 48 | HackerOne reports escalation to JIRA is CSRF vulnerable | $500.0 |
| 49 | Lack of input sanitization in Marketo form leads to execution of HTML in lead emails | $500.0 |
| 50 | Common response suggestion is sent to Google Analytics when user accepts duplicate comment Genius suggestion | $500.0 |
| 51 | Updating payout preference to CurrencyCloud doesn't notify user via email | $500.0 |
| 52 | ImageMagick GIF coder vulnerability leading to memory disclosure | $500.0 |
| 53 | h1-202 leaderboard photo discloses local wifi password | $500.0 |
| 54 | Email Forwarding invitations for Drafts are not marked as accepted, allowing multiple users to join a program after disabling Email Forwarding | $500.0 |
| 55 | People who interviewed for HackerOne security analyst position can be enumerated and their personal email address may be exposed | $500.0 |
| 56 | Invalid Phabricator API token revealed through error message when escalating a report | $500.0 |
| 57 | Hacktivity of a private program visible to banned user if he gets invited to a program by hackbot | $500.0 |
| 58 | User with privilege to maintain External Programs can update certain churned HackerOne programs | $500.0 |
| 59 | Hacker can request mediation for published reports | $500.0 |
| 60 | Notifications sent due to "Transfer report" functionality may be sent to users who are no longer authorized to see the report | $500.0 |
| 61 | Inline banner on Report page discloses whether organization runs a private program | $500.0 |
| 62 | Submitting report through Embedded Submission form gives user indefinite access to a profile | $500.0 |
| 63 | Response program can create bounty table | $500.0 |
| 64 | Response program can display "eligible for bounty" in scope area in program policy | $500.0 |
| 65 | Cross-site Scripting (XSS) on HackerOne careers page | $500.0 |
| 66 | DOM Based XSS in www.hackerone.com via PostMessage | $500.0 |
| 67 | Deprecated Hacker101 coursework repository mentions Heroku App that is susceptible to takeover | $500.0 |
| 68 | Invited team member can disclose Slack channels | $500.0 |
| 69 | Repeated mediation requests and multiple emails possible on a report. | $500.0 |
| 70 | HackerOne Integrations Design Issue | $500.0 |
| 71 | Account recovery text message is sending a wrong domain to users. | $500.0 |
| 72 | Disclosing a private program in an external link if program is paused | $500.0 |
| 73 | Disclosure of email report title in quick award payout email (no content mode) | $500.0 |
| 74 | Team object in GraphQL disclosed private programs via the industry | $500.0 |
| 75 | Total Bounty Paid can be disclosed | $500.0 |
| 76 | Reflected XSS on www.hackerone.com and resources.hackerone.com | $500.0 |
| 77 | Disclosure of the name of a program that has a private part with an external link | $500.0 |
| 78 | Login CSRF vulnerability on hackerone.com | $500.0 |
| 79 | Pentester can obtain information about other pentesters who applied for the same test, but weren't accepted | $500.0 |
| 80 | Reflected XSS on www.hackerone.com via Wistia embed code | $500.0 |
| 81 | The hacker has access to the administrative part of the management reports in publish report | $500.0 |
| 82 | Dangling cloud instance at vpn.inverselink.com | $500.0 |
| 83 | "Bounty splitting enabled" can disclose if public VDPs are running private VRP | $500.0 |
| 84 | Private program disclosure of ██████████ through notifications | $500.0 |
| 85 | Report Bulk endpoint "agree-on-going-public" action may reveal Report disclosure state for invite-only programs | $500.0 |
| 86 | An invite-only program's submission state is accessible to users no longer part of the program | $500.0 |
| 87 | Private program disclosure through notifications | $500.0 |
| 88 | Tab nabbing in HackerOne inbox. | $500.0 |
| 89 | Private invitation links/tokens leak to third-party analytics site | $500.0 |
| 90 | HTML Injection in email via Name field | $500.0 |
| 91 | Race condition in joining CTF group | $500.0 |
| 92 | HackerOne Undisclosed Report Leak via PoC of Full Disclosure on Hacktivity | $500.0 |
| 93 | adding h1_analyst_* to username for normal users | $500.0 |
| 94 | Ability to bulk submit reports via query named based batching | $500.0 |
| 95 | Ability to identify actual private from sandboxed programs using link hackerone.com/$handle/terms_acceptance_data.csv | $500.0 |
| 96 | Program profile_metrics.json contains time to triage for deptofdefense even when it's turned off | $250.0 |
| 97 | Can read features from any user | $250.0 |
| 98 | LLM03: Training Data Poisoning via ASCII decoding | $200.0 |
| 99 | Hacker email disclosed on submission at HackerOne Hacktivity | $100.0 |
| 100 | Some limited confidential information can still be accessed after a user exits a private program | $50.0 |
| 101 | Reward Money Leakage | $0.0 |
| 102 | Ability to monitor reports' submission in real time | $0.0 |
| 103 | Requesting Mediation possible on reports that are too old for mediation | $0.0 |
| 104 | Non-secure requests are not automatically upgraded to HTTPS | $0.0 |
| 105 | Disclosure of external users invited to a specific report | $0.0 |
| 106 | Know undisclosed Bounty Amount when Bounty Statistics are enabled. | $0.0 |
| 107 | Users' contents on AWS are cacheable | $0.0 |
| 108 | Ability to enumerate private programs using SAML | $0.0 |
| 109 | Hacker.One Subdomain Takeover | $0.0 |
| 110 | Obtain the username & the uid of the one doing the S3 sync on HackerOne | $0.0 |
| 111 | Possible CSRF during external programs | $0.0 |
| 112 | (HackerOne SSO-SAML) Login CSRF, Open Redirect, and Self-XSS Possible Exploitation | $0.0 |
| 113 | Information disclosure via policy update notifications after removal from program | $0.0 |
| 114 | Researcher gets email updates on a private program after he/she quits that program. | $0.0 |
| 115 | Internal attachments can be exported via "Export as .zip" feature | $0.0 |
| 116 | Bypass rate limiting on /users/password (possibly site-wide rate limit bypass?) | $0.0 |
| 117 | Disclose any user's private email through API | $0.0 |
| 118 | Report redaction doesn't apply to report title update activities | $0.0 |
| 119 | Websites opened from reports can change url of report page | $0.0 |
| 120 | Google Analytics could be used as CSP bypass for data exfiltration on hackerone.com | $0.0 |
| 121 | Limited Open redirection using SSO-SAML | $0.0 |
| 122 | Subdomain takeover at info.hacker.one | $0.0 |
| 123 | Example HackerOne security@ forward domain is not registered | $0.0 |
| 124 | javascript: and mailto: links are allowed in JIRA integration settings | $0.0 |
| 125 | HackerOne is still prone to Internet Explorer UXSS | $0.0 |
| 126 | Able to create basic user account via Google login on HackerOne Drupal CMS | $0.0 |
| 127 | Subdomain takeover #2 at info.hacker.one | $0.0 |
| 128 | CRLF injection in info.hacker.one | $0.0 |
| 129 | WannaCrypt "Killswitch" | $0.0 |
| 130 | Report invitation links not restricted to any existing user | $0.0 |
| 131 | www.hackerone.com website CSP "script-src" includes "unsafe-inline" | $0.0 |
| 132 | Race condition leads to duplicate payouts | $0.0 |
| 133 | Information leakage via CSV when content is valid JavaScript | $0.0 |
| 134 | Subdomain takeover #4 at info.hacker.one | $0.0 |
| 135 | Subdomain takeover #3 at info.hacker.one | $0.0 |
| 136 | Insecure SHA1withRSA in b5s.hackerone-ext-content.com and a4l.hackerone-ext-content.com | $0.0 |
| 137 | Invitation tokens leak to Google Analytics | $0.0 |
| 138 | Missing Certificate Authority Authorization rule | $0.0 |
| 139 | Stealing contact form data on www.hackerone.com using Marketo Forms XSS with postMessage frame-jumping and jQuery-JSONP | $0.0 |
| 140 | IDOR on HackerOne Feedback Review | $0.0 |
| 141 | Resolved bugs in a program are public despite the program settings | $0.0 |
| 142 | Homograph fix Bypass | $0.0 |
| 143 | Report Private Links Leak to Google Analytics via Query String Param | $0.0 |
| 144 | Adding or removing a new non-preferred payout method does not trigger an e-mail or account notification | $0.0 |
| 145 | Search query text, including from potentially undisclosed reports, sent to Google Analytics on Inbox query page | $0.0 |
| 146 | Private partial disclosure of h1 infrastructure | $0.0 |
| 147 | Blind SSRF in "Integrations" by abusing a bug in Ruby's native resolver. | $0.0 |
| 148 | Program profile metrics endpoint contains mean time to triage, even when turned off | $0.0 |
| 149 | Private Program all members disclosed | $0.0 |
| 150 | Additional bypass allows SSRF for internal netblocks | $0.0 |
| 151 | Issue with password change in Disabled Account | $0.0 |
| 152 | Pending member invitations are not revoked on program name change | $0.0 |
| 153 | Reverse Tabnabbing Vulnerability in Outgoing Links | $0.0 |
| 154 | Introspection query leaks sensitive GraphQL system information. | $0.0 |
| 155 | IDOR on Program Visibility (Revealed / Concealed) against other team members | $0.0 |
| 156 | Validation message in Bounty award endpoint can be used to determine program balances | $0.0 |
| 157 | GraphQL sessions aren't immediately invalidated when user password is changed | $0.0 |
| 158 | Invalid Host detection at https://hackerone.com/redirect | $0.0 |
| 159 | Able To Check The Exact Bounty Balance of any Bug Bounty Program | $0.0 |
| 160 | Content Security Policy not applied to error pages at multiple HackerOne endpoints | $0.0 |
| 161 | Open redirect deception in hackerone.com via another open redirect link. | $0.0 |
| 162 | Missing Password Confirmation at a Critical Function (Payout Method) | $0.0 |
| 163 | Partial disclosure of undisclosed programs through tags | $0.0 |
| 164 | Invitation token leaks to https://bat.bing.com | $0.0 |
| 165 | Submitted reports state logs leakage | $0.0 |
| 166 | While adding a payment method - Notification email not sent to newly added email ID as well as there is no verification for new email id (Paypal) | $0.0 |
| 167 | Domain spoofing in redirect page using RTLO | $0.0 |
| 168 | Reputation gain split by company can be used to track the existence of otherwise undisclosed reports | $0.0 |
| 169 | Information Disclosure which violates program privacy | $0.0 |
| 170 | Open Redirection in index.php page | $0.0 |
| 171 | HTTP Parameter Pollution using semicolons in iframe element at hackerone.com/careers allows loading external Greenhouse forms | $0.0 |
| 172 | Leakage of badges on disabled user | $0.0 |
| 173 | Extra program metrics disclosed via /PROGRAM_NAME json response | $0.0 |
| 174 | Unicorn worker pool exhaustion by continuously updating payout preferences | $0.0 |
| 175 | Harvesting all private invites using leave program fast-tracked invitation and security@ email forwarding feature | $0.0 |
| 176 | Program metrics disclosed response_efficiency_percentage via /program_name json response despite the team deciding not to show it on their profile | $0.0 |
| 177 | Private program email forwarding response invitation does not expire after first use. | $0.0 |
| 178 | HackerOne support disclosing report state without checking user identity | $0.0 |
| 179 | Lack of cross-origin request blocking allows leaking of sensitive information on several endpoints | $0.0 |
| 180 | Exposing HackerOne users' personally identifiable information by abusing sandbox with swag reward enabled | $0.0 |
| 181 | User object in GraphQL exposes number of trial reports for External Programs that also have a Private Program | $0.0 |
| 182 | CSRF at [Apply to this program] that leads to submitting your request automatically without any validation | $0.0 |
| 183 | Team object in GraphQL that has a published external program may expose existence of a private program | $0.0 |
| 184 | Add the same user who is already registered in the teams | $0.0 |
| 185 | Information leakage - Private reports cached by Google | $0.0 |
| 186 | Team object exposes amount of participants in a private program to non-invited users | $0.0 |
| 187 | HackerOne customer submitted sensitive link to VirusTotal, exposing confidential information | $0.0 |
| 188 | Content spoofing and potential Cross-Site Scripting vulnerability on www.hackerone.com | $0.0 |
| 189 | TeamProfile exposes partially sensitive information through GraphQL | $0.0 |
| 190 | Private program policy page still accessible after user left the program | $0.0 |
| 191 | Internal usage of AdBlockPlus may expose PoC URLs to unknown third-parties | $0.0 |
| 192 | Unauthenticated user can upload an attachment to the last updated report draft | $0.0 |
| 193 | Improper UUID validation results in bypass of #419896 | $0.0 |
| 194 | Hacker can bypass 2FA requirement and reporter blacklist through embedded submission form | $0.0 |
| 195 | Disclosure of top 10 vulnerability types for programs that haven't enabled the Insights feature | $0.0 |
| 196 | Self DOM-Based XSS in www.hackerone.com | $0.0 |
| 197 | Accidental Access to Programs Information via SAML Login | $0.0 |
| 198 | Attacker can claim credentials for private program that has a published external program | $0.0 |
| 199 | SQL injection in GraphQL endpoint through embedded_submission_form_uuid parameter | $0.0 |
| 200 | Revoking user session in https://hackerone.com/settings/sessions does not revoke the GraphQL query session | $0.0 |
| 201 | GitHub users outside of HackerOne organization can create and update Wiki pages of certain public HackerOne repositories | $0.0 |
| 202 | A user can request a report to be retested even though the program has not been verified by HackerOne | $0.0 |
| 203 | Race condition in performing retest allows duplicated payments | $0.0 |
| 204 | Timing attack towards endpoints on the web without CSRF | $0.0 |
| 205 | Information disclosure | $0.0 |
| 206 | @wearehackerone.com is vulnerable to namespace attacks due to hackerone.com not being RFC2142 compliant. | $0.0 |
| 207 | User login page doesn't implement any form of rate limiting | $0.0 |
| 208 | Embedded submission form UUIDs can be enumerated through GraphQL node interface, exposing sensitive program details | $0.0 |
| 209 | Disclosure of h1 challenges name through the calendar | $0.0 |
| 210 | Open redirect vulnerability in index.php | $0.0 |
| 211 | Confidential data of users and limited metadata of programs and reports accessible via GraphQL | $0.0 |
| 212 | Report id is exposed for undisclosed reports in Hacktivity | $0.0 |
| 213 | A small set of users were assigned someone else's payout preference | $0.0 |
| 214 | Corrupted Authorization header can cause logs not to be ingested properly in ████████ | $0.0 |
| 215 | Client-Side Race Condition using Marketo, allows sending user to data-protocol in Safari when form without onSuccess is submitted on www.hackerone.com | $0.0 |
| 216 | Path traversal leading to limited CSRF on GET requests on two endpoints | $0.0 |
| 217 | CSV Injection at the CSV export feature | $0.0 |
| 218 | Emails of invited collaborators are disclosed in full in payload for report participants | $0.0 |
| 219 | Hogging up all the resources on hackerone.com | $0.0 |
| 220 | Verbose PHP error messages exposed on a blog article | $0.0 |
| 221 | Lack of length validation on user address attribute | $0.0 |
| 222 | Missing rate limit on critical user actions e.g. reset password, change email, disable account. | $0.0 |
| 223 | Missing Certificate Authority Authorization rule | $0.0 |
| 224 | Previous attachments can be referenced when creating a new report | $0.0 |
| 225 | Homograph attack in escalate report | $0.0 |
| 226 | Unreleased CTF Levels are Revealed on /group/user/ID1?user=USERID endpoint | $0.0 |
| 227 | Moving a report to a different program doesn't reassign the Custom Field Values | $0.0 |
| 228 | DOM Based XSS in www.hackerone.com via PostMessage (bypass of #398054) | $0.0 |
| 229 | Open Redirection in [https://www.hackerone.com/index.php] | $0.0 |
| 230 | Banned researcher gets email updates on a private program. | $0.0 |
| 231 | API Last Request Date/Time Not Updating | $0.0 |
| 232 | Race condition in claiming program credentials | $0.0 |
| 233 | Password not checked when disabling 2FA on HackerOne | $0.0 |
| 234 | Team member with Program permission only can escalate to Admin permission | $0.0 |
| 235 | Custom Field Attributes may be created and updated for customers with Custom Field Trial enabled | $0.0 |
| 236 | View HackerOne challenge scope before challenge begins | $0.0 |
| 237 | Race Condition in Flag Submission | $0.0 |
| 238 | Private information exposed through GraphQL filters | $0.0 |
| 239 | Total bounties paid amount is disclosed because of redesign of the Program Profiles | $0.0 |
| 240 | Program Email Notification settings ignored when being added as an external contributor | $0.0 |
| 241 | Disclosure of Program email Title Report when being removed as contributor. Bypass for Report #645264 | $0.0 |
| 242 | IDOR in Report CSV export discloses the IDs of Custom Field Attributes of Programs | $0.0 |
| 243 | [Bypass #645264] Report title disclosure despite the program settings for email notification being set to "No Content" | $0.0 |
| 244 | Manipulate hacker profile and private program hacktivity to expose your name as a researcher who is actively submitting reports with resolved status | $0.0 |
| 245 | Any user with access to program can resume and suspend HackerOne Gateway | $0.0 |
| 246 | Reporter, external users, collaborators can mark sent swag awarded to reporter as unsent | $0.0 |
| 247 | Searching from Hacktivity returns hits for words in limited disclosure reports that are not visible | $0.0 |
| 248 | latest_activity_id and latest_activity_at may disclose information about internal activities to unauthorized users | $0.0 |
| 249 | Disclosure of payment_transactions for programs via GraphQL query | $0.0 |
| 250 | Session hijacking attack | $0.0 |
| 251 | Information Disclosure when /invitations/.json is not yet accepted | $0.0 |
| 252 | ActiveStorage throws exception when using whitespace as filename, may lead to denial of service of multiple pages | $0.0 |
| 253 | IDOR in Bugs overview enables attacker to determine the date range a hackathon was active | $0.0 |
| 254 | How the Bug stole hacking | $0.0 |
| 255 | Email address of any user can be queried on Report Invitation GraphQL type when username is known | $0.0 |
| 256 | "Bounties paid in the last 90 days" discloses the undisclosed bounty amount in program statistics | $0.0 |
| 257 | HackerOne Pentesters can access any structured scope object through GraphQL node interface | $0.0 |
| 258 | Disabled account can still use GraphQL endpoint | $0.0 |
| 259 | Unauthenticated users can obtain information about Checklist objects with unclaimed ChecklistCheck objects | $0.0 |
| 260 | Race Condition leads to undeletable group member | $0.0 |
| 261 | profile-picture name parameter with large value leads to DoS for other users and programs on the platform | $0.0 |
| 262 | program_analytics_benchmarks query shows information not visible in public | $0.0 |
| 263 | Read-only team members can read all properties of webhooks | $0.0 |
| 264 | Potential stored Cross-Site Scripting vulnerability in Support Backend | $0.0 |
| 265 | GraphQL node interface for ActiveResource models lacks encoding for resource identifier, enabling parameter injection in Payments backend | $0.0 |
| 266 | Subdomain takeover of resources.hackerone.com | $0.0 |
| 267 | 404-response contains debug-information with all headers | $0.0 |
| 268 | Attacker with an Old account might still be able to DoS ctf.hacker101.com by sending a Crafted request | $0.0 |
| 269 | Unauthorized access to metadata of undisclosed reports that were retested | $0.0 |
| 270 | Attacker may be able to bounce enough emails which suspend HackerOne's SES service and cause a DoS of HackerOne's email service | $0.0 |
| 271 | SAML Response Reuse on hackerone.com/users/saml/auth | $0.0 |
| 272 | Recently added 'Country' field doesn't send email notification when changed | $0.0 |
| 273 | GraphQL: Sorting the reports by jira_status field resulted in a different value | $0.0 |
| 274 | Making program preference -> program visibility feature useless and disclosing API Identifier in the process and data that may cause potential IDORs. | $0.0 |
| 275 | 2020-10-09 Credential Stuffing Attack | $0.0 |
| 276 | Getting New Invitations without Leaving Programs | $0.0 |
| 277 | Blind Stored XSS in HackerOne's Sal 4.1.4.2149 (sal.████.com) | $0.0 |
| 278 | Security@ email forwarding and Embedded Submission drafts can be used to obtain copy of deleted attachments from other HackerOne users | $0.0 |
| 279 | Denial Of Service (Out Of Memory) on Updating Bounty Table [Urgent] | $0.0 |
| 280 | Stored Cross-Site Scripting vulnerability in example Custom Digital Agreement | $0.0 |
| 281 | Indexing of urls on the "External link warning" pages discloses many vulnerable endpoints from the past and unlisted videos/photos | $0.0 |
| 282 | Stored XSS on https://events.hackerone.com | $0.0 |
| 283 | Open Redirect on http://events.hackerone.com/redirect?url=https://naglinagli.github.io | $0.0 |
| 284 | Reflected XSS and possible SSRF/XXE on https://events.hackerone.com/conferences/get_recording_slides_xml.xml?url=myserver/xss.xml | $0.0 |
| 285 | Ability to invite a new member on Sandbox Program | $0.0 |
| 286 | Improper data update process on UpdatePhabricatorIntegration mutation leads to leak of Phabricator Conduit API token. | $0.0 |
| 287 | HackerOne is not properly deleting user id | $0.0 |
| 288 | HackerOne making payments in USDC (Coinbase stable coin) | $0.0 |
| 289 | Second-order SOQL injection through email and campaign name parameter in Salesforce lead submission | $0.0 |
| 290 | Report Duplicate Detector can match deleted and draft reports, may disclose title and vulnerability information | $0.0 |
| 291 | Stored XSS in IE11 on hackerone.com via custom fields | $0.0 |
| 292 | New link opening method makes HackerOne vulnerable to tabnabbing | $0.0 |
| 293 | Information disclosure - Feedback is accessible on Public profile even after 'disallowed' at https://hackerone.com/settings/feedback | $0.0 |
| 294 | Internal Gitlab Ticket Disclosure via External Slack Channels | $0.0 |
| 295 | Mishandling of HackerOne Clear background checks resulting in disclosure of other hackers' information | $0.0 |
| 296 | PII data Leakage through HackerOne reports | $0.0 |
| 297 | Hacker can bypass minimum bounty amount restrictions in "invitation preferences" setting via UpdateInvitationPreferencesMutation GraphQL operation | $0.0 |
| 298 | Leaked H1 employees' email addresses, meeting info on private bug bounty program ████████ | $0.0 |
| 299 | Static files on HackerOne.com can be made inaccessible through Cache Poisoning attack | $0.0 |
| 300 | Attachment references in markdown don't warn before downloading | $0.0 |
| 301 | [Bypass] Ability to invite a new member in sandbox Organization | $0.0 |
| 302 | Blind XSS in app.pullrequest.com/████████ via /reviews/ratings/{uuid} | $0.0 |
| 303 | June 2022 Incident Report | $0.0 |
| 304 | Ability to escape database transaction through SQL injection, leading to arbitrary code execution | $0.0 |
| 305 | Any organization's assets pending review can be downloaded | $0.0 |
| 306 | Private information exposed through GraphQL search endpoints aggregates | $0.0 |
| 307 | HTML injection that may lead to XSS on HackerOne.com through H1 Triage Wizard Chrome Extension | $0.0 |
| 308 | Users querying dim_hacker_reports table through Analytics API can determine data from dim_reports table using WHERE or HAVING query | $0.0 |
| 309 | SQL Injection in CVE Discovery Search | $0.0 |
| 310 | Scope information is leaked when visiting policy scopes tab of any External Program | $0.0 |
| 311 | Stored XSS on www.hackerone.com due to deleted S3-bucket from old page_widget | $0.0 |
| 312 | Information disclosure of another company's bug on video. | $0.0 |
| 313 | [CVE-2022-44268] Arbitrary Remote Leak via ImageMagick | $0.0 |
| 314 | Insecure Direct Object Reference (IDOR) - Delete Campaigns | $0.0 |
| 315 | HTML injection in email at https://www.hackerone.com/ | $0.0 |
| 316 | Program managers can see draft reports using Export Reports feature | $0.0 |
| 317 | Anyone can view collaborator email address via path /reports//participants | $0.0 |
| 318 | Attachment in published HackerOne report exposes private program | $0.0 |
| 319 | Improper CSRF token validation allows attackers to access victim's accounts linked to HackerOne | $0.0 |
| 320 | Internal machine learning API endpoint for CWE classification is vulnerable to path traversal | $0.0 |
| 321 | Banned user still able to be invited to reports as a collaborator and reset the password | $0.0 |
| 322 | 2M Reports on HackerOne Celebration! - Ability to bulk-submit many reports. | $0.0 |
| 323 | Asset Inventory Internal Descriptions are leaked in CSV export | $0.0 |
| 324 | Register & create a ticket as somebody else on HackerOne Support | $0.0 |
| 325 | Usernames still visible on report export pdf despite "I want to redact all usernames" being selected | $0.0 |
| 326 | HackerOne Support System Doesn't Require Any Authentication, May Lead to Unauthorized Action | $0.0 |
| 327 | HackerOne All Private Program Names Leaked to Public Via Collaborator OR Attacker can Easily Dump all Private Program Names through Collaborator | $0.0 |
| 328 | Bypass of #2035332 RXSS at image.hackerone.live via the url parameter | $0.0 |
| 329 | Staff and Triage can modify the initial post of a report, including of already disclosed reports | $0.0 |
| 330 | Names not completely redacted despite "Redact the names of the involved users" being selected | $0.0 |
| 331 | Support Tickets can be created on behalf of other users using spoofed email \| Bypass of #2001913 | $0.0 |
| 332 | IDOR: Authorization Bypass in LockReport Mutation for public reports | $0.0 |
| 333 | Able to see Bonus amount given to a report even if the bounty and Bonus are not visible to public or mentioned in {Report-Id}.json | $0.0 |
| 334 | Hacker's two emails disclosed on submission at HackerOne Hacktivity | $0.0 |
| 335 | IDOR vulnerability in unreleased HackerOne Copilot feature | $0.0 |
| 336 | Bypass report submit restriction/ban using the API key | $0.0 |
| 337 | Google Docs link in JS files allows editing & reading survey information | $0.0 |
| 338 | Organization members can delete reports in teams they have no access to | $0.0 |
| 339 | Private program name disclosure in the invitation mail for another program | $0.0 |
| 340 | How the Arch Angel stole Live Events | $0.0 |
| 341 | An attacker can submit a Pentest Opportunity and change the status of the opportunity from submitted to in_review or reviewed | $0.0 |
| 342 | Program admins could add verified domains to an organization | $0.0 |
| 343 | Being able to disclose IBB bounty table of any public program | $0.0 |
| 344 | View any user email using the Team's audit log section | $0.0 |
| 345 | New Hacktivity features: Bounty rewards leakage where programs don't decide to disclose bounty in limited disclosure report | $0.0 |
| 346 | Attachment disclosure via summary report | $0.0 |
| 347 | Creation of bounties through Customer API leads to private email disclosure | $0.0 |
| 348 | An attacker can view any hacker email via /SaveCollaboratorsMutation operation name | $0.0 |
| 349 | IDOR - Delete all Licenses and certifications from users account using CreateOrUpdateHackerCertification GraphQL query | $0.0 |
| 350 | HackerOne SAML signup domain enforcement bypass results in unauthorized access to HackerOne PullRequest organization | $0.0 |
| 351 | Confirmed #2118458: Intentional redirect from www.hackerone.com to domain which is up for sale | $0.0 |
| 352 | Cloud Computer HackerOne Triager can be Accessible for everyone [[email protected]] computer | $0.0 |
| 353 | Any user could upload attachments to pentest scoping form they don't have access to | $0.0 |
| 354 | Able to Create Testimonials for myself using Sandbox | $0.0 |
| 355 | Insecure Direct Object Reference (IDOR) Allows Viewing Private Report Details via /bugs.json Endpoint | $0.0 |
| 356 | Inadequate redaction exposes sensitive information via the "ShareReportViaEmail" GraphQL endpoint | $0.0 |
| 357 | [hackerone.com] Program's old handles are not blacklisted like usernames and allow reclaiming past handles for potential abuse | $0.0 |
| 358 | [Spot Check] Team members can edit a user's write-up | $0.0 |
| 359 | [Spot Check] - Ability to disclose metadata about Spot Checks (Number of Hackers + Hackers Criteria) via "SpotCheckSingleQuery" | $0.0 |
| 360 | Access Control Vulnerability Enabling Unauthorized Access to Limited Disclosure Reports | $0.0 |
| 361 | [IDOR] Improper Access Control on Embedded Submission Form | $0.0 |
| 362 | "package_name" can be set as desired when submitting a Pentest Opportunity form | $0.0 |
| 363 | Program Member Could Duplicate Report To A Non-Related Program's Original Report | $0.0 |
| 364 | TOTP Authenticator implementation Accepts Expired Codes | $0.0 |
| 365 | Hackers can Invite Collaborators Without 2FA on Programs Requiring 2FA | $0.0 |
| 366 | Business Logic error leads to bypass of 2FA requirement | $0.0 |
| 367 | Bypassing Two-Factor Authentication via Account Deactivation and Password Reset | $0.0 |
| 368 | Improper Authentication - 2FA OTP Reusable | $0.0 |
| 369 | 2FA requirement bypass when claiming bounty | $0.0 |
| 370 | Bypassing the victim's phone number OTP in the account recovery process on https://hackerone.com/settings/auth/setup_account_recovery | $0.0 |
| 371 | Reset the 2FA of the user which can lead to Account Takeover | $0.0 |
| 372 | Two-factor authentication bypass leads to information disclosure about the program and all participating hackers | $0.0 |
| 373 | 2FA Bypass via Leaked Cookies | $0.0 |
| 374 | Session Not Expiring / 2FA Bypass | $0.0 |
| 375 | Two factor authentication bypass | $0.0 |
| 376 | 2FA can't be activated on app.pullrequest.com | $0.0 |
| 377 | Reports submitted by a user account without 2FA set up can be transferred to a program requiring 2FA for submission | $0.0 |
| 378 | Minor security issue with HackerOne Invitations from sandbox program | $0.0 |
| 379 | Non Org Admin/Group Manager can create groups in an organization | $0.0 |
| 380 | Payload delivery via Social Media urls on H1 profile | $0.0 |
| 381 | Private data related to program exposed via /reports/.json endpoint to external user participant | $0.0 |
| 382 | Bypass comment restriction | $0.0 |
| 383 | Issue with VDP Program's Transition to Private Status and Missing Warning Labels on ORG Invitation | $0.0 |
| 384 | Inviting a collaborator using email discloses the HackerOne account related to the user | $0.0 |