Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
hackeroneAleklebio7H1:2278865
HistoryDec 08, 2023 - 8:57 p.m.

HackerOne: Some limited confidential information can still be accessed after a user exits a private program

2023-12-0820:57:05
aleklebio7
hackerone.com
11
bug bounty
private program
limited access

AI Score

6.8

Confidence

High

JSON

Good morning team!!!
I identified a bug where it is possible to access some limited confidential information from a private program even after you have already exited that program.
information like:
:number of domains
:Bounties paid
:Number of hackers paid
:Response efficiency
:Minimum reward and maximum reward
:Sobre

steps:
1:do you accept a private invitation
2:you add this program to your favorites
3:the expiry date for sending reports arrives
4:Now you can no longer send reports to this program or have access to its policy page
5:now go to opportunities -> My programs
6:And there is your program and you have access to the information mentioned above

Impact

Disclosure of private program information

AI Score

6.8

Confidence

High

JSON