Reports in the Lark Technologies program (columns: S.No, Bounty, Title):

S.No  Bounty  Title
1     $5000   Full read SSRF via Lark Docs "import as docs" feature
2     $3000   Stored XSS & SSRF in Lark Docs
3     $1250   RPC implementation allows unauthenticated remote calls
4     $1000   [Lark Android] Vulnerability in exported activity WebView
5     $0      Hyperlink injection during signup
6     $0      Stored XSS in Larksuite internal helpdesk and other users' helpdesks
7     $0      Stored XSS in Satisfaction Surveys via "Ask Reason for Dissatisfaction" option
8     $0      Stealing app credentials by reflected XSS on Lark Suite
9     $0      Improper generation of access link at go.larksuite.com leads to access to other organizations'/users' private data
10    $0      User with single-department permission can view applicant list of all departments
11    $0      Sensitive information of helpdesk is being leaked
12    $0      Message disclosure via search feature of other users' groups (cross-tenant)
13    $0      Server Side Request Forgery
14    $0      Reflected XSS on Lark Suite
15    $0      Server Side Request Forgery
16    $0      SSRF with information disclosure
17    $0      Improper Access Control on Lark Footer feature
18    $0      Attacker is able to join any tenant on larksuite and view personal files/chats
19    $0      Non-privileged user is able to approve his own app himself, leading to mass privilege escalation
20    $0      [IDOR] Modify other team's reminders via reminderId parameter
21    $0      Reflected XSS and open redirect on larksuite.com using /?back_uri= parameter
22    $0      Stored XSS on helpdesk using user's city
23    $0      In-organization stored XSS using location (Larksuite survey app)
24    $0      Able to steal private files by manipulating response using Compose Email function of Lark
25    $0      Able to steal private files by manipulating response using Auto Reply function of Lark
26    $0      [AWC-Pune] User can download files deleted by admin using shortcuts
27    $0      Normal user is able to export Feature Usage Statistics
28    $0      Access to private files of helpdesk
29    $0      Sub-department user can add users to main department
30    $0      Users without permission can download restricted files
31    $0      [CSRF] No CSRF protection against sending invitation to join the team
32    $0      Ability to view non-permitted admin log
33    $0      Removed user can still view comments on the file/documents
34    $0      Viewer is able to leak the previous versions of the file
35    $0      IDOR allows viewer to delete bin files
36    $0      Privilege escalation to All-staff group
37    $0      Accessing/editing folders of other users in the organisation
38    $0      Improper access control allows OTP bypass