HackerOne: HackerOne reports escalation to JIRA is CSRF vulnerable

2017-05-05T20:39:02
ID H1:226418
Type hackerone
Reporter whhackersbr
Modified 2017-08-30T09:33:31

Description

Summary:

HackerOne reports escalation to JIRA is CSRF vulnerable

Description (Include Impact):

An attacker can steal private report details through a CSRF vulnerability in HackerOne's report-escalation-to-JIRA implementation.

CSRF

GET https://hackerone.com/reports/[REPORT_NUMBER]/escalate
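The request above is the whole finding: a state-changing action (escalate report N) is reachable with a GET that the browser will send, cookie attached, from any page that embeds the URL. The following added example is not HackerOne's code or the reporter's; it is a constructed model of a CSRF-prone GET handler beside a hardened POST handler, with in-memory stand-ins for the session store, the report store and the "push to JIRA" side effect, and the report number from this page reused in the path. The `csrf_token` field name, the `SITE_ORIGIN` value and the request shapes for a cross-site `<img src>` and an auto-submitted cross-site form are assumptions of the example, not observed HackerOne behaviour.

```python
import hmac
import secrets
from dataclasses import dataclass, field

SITE_ORIGIN = "https://hackerone.com"

# Constructed data: one private report and the session of a logged-in team member
# who is allowed to escalate it. The report number is the one from this page.
REPORTS = {226418: {"title": "private report", "body": "sensitive details"}}
SESSIONS = {"victim-cookie": {"user": "triager", "csrf_token": secrets.token_hex(16)}}

# Side-effect log standing in for "report pushed to JIRA".
ESCALATED = []


@dataclass
class Request:
    method: str
    path: str
    cookies: dict = field(default_factory=dict)
    headers: dict = field(default_factory=dict)
    form: dict = field(default_factory=dict)


def _session(req):
    return SESSIONS.get(req.cookies.get("session"))


def _report_id(req):
    # Expected path shape: /reports/<number>/escalate
    parts = req.path.strip("/").split("/")
    if len(parts) == 3 and parts[0] == "reports" and parts[2] == "escalate" and parts[1].isdigit():
        return int(parts[1])
    return None


def escalate_vulnerable(req):
    """CSRF-prone: the session cookie alone authorises the state change, and GET is
    accepted, so an <img src> or link on any site fires it in the victim's browser."""
    sess, rid = _session(req), _report_id(req)
    if sess is None or rid not in REPORTS:
        return 403
    ESCALATED.append((rid, sess["user"]))
    return 200


def escalate_hardened(req):
    """Hardened: POST only, a same-site check on Origin / Sec-Fetch-Site, and a
    synchronizer token bound to the session that a cross-site page cannot read."""
    sess, rid = _session(req), _report_id(req)
    if sess is None or rid not in REPORTS:
        return 403
    if req.method != "POST":
        return 405  # GET must never change state
    origin = req.headers.get("Origin")
    if origin is not None and origin != SITE_ORIGIN:
        return 403
    # Older browsers send no Sec-Fetch-Site; the token check below still applies then.
    if req.headers.get("Sec-Fetch-Site", "same-origin") not in ("same-origin", "none"):
        return 403
    if not hmac.compare_digest(req.form.get("csrf_token", ""), sess["csrf_token"]):
        return 403
    ESCALATED.append((rid, sess["user"]))
    return 200


PATH = "/reports/226418/escalate"


def cross_site_get(cookie):
    """Assumed browser request when evil.example embeds the URL in <img src>:
    the victim's cookie rides along, no Origin header, Sec-Fetch-Site: cross-site."""
    return Request("GET", PATH, cookies={"session": cookie},
                   headers={"Sec-Fetch-Site": "cross-site"})


def cross_site_post(cookie):
    """Assumed auto-submitted form from evil.example; the token value is a guess."""
    return Request("POST", PATH, cookies={"session": cookie},
                   headers={"Origin": "https://evil.example", "Sec-Fetch-Site": "cross-site"},
                   form={"csrf_token": "0" * 32})


def legitimate_post(cookie):
    token = SESSIONS[cookie]["csrf_token"]  # the server embedded this in its own page
    return Request("POST", PATH, cookies={"session": cookie},
                   headers={"Origin": SITE_ORIGIN, "Sec-Fetch-Site": "same-origin"},
                   form={"csrf_token": token})


def run_demo():
    """Send each request to the relevant handler and report the outcomes."""
    ESCALATED.clear()
    c = "victim-cookie"
    result = {
        "vulnerable_cross_site_get": escalate_vulnerable(cross_site_get(c)),
        "hardened_cross_site_get": escalate_hardened(cross_site_get(c)),
        "hardened_cross_site_post": escalate_hardened(cross_site_post(c)),
        "hardened_legit_post": escalate_hardened(legitimate_post(c)),
    }
    result["escalations"] = len(ESCALATED)
    return result


if __name__ == "__main__":
    for name, status in run_demo().items():
        print(f"{name}: {status}")
```

Running `run_demo()` shows the vulnerable handler escalating on the cross-site GET (status 200) while the hardened handler rejects the same GET (405) and the forged cross-site POST (403) and accepts only the same-origin POST carrying the session's token; exactly two escalations are recorded, one from each handler's accepted request. The method restriction alone is not the fix, since an attacker can auto-submit a cross-site POST; the synchronizer token is what closes the hole, with the Origin / Sec-Fetch-Site check as defence in depth.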

Optional: Supporting Material/References (Screenshots)

  • https://youtu.be/N6JSGA_RIV4