Summary:
Docs doppler has an unclaimed broken link on its doc page which can be claimed by any malicious user.
Steps to reproduce:
1. Visit https://docs.doppler.com/docs/removal-deprecated-packages-scripts
2. Click on "scheduling a call".
{F3122702}
4. So, I impersonated his identity by forming a fake account called "Page Acquisition by Joao Gomes" at this link. Here, just for PoC purposes, I assumed the broken link by creating an account with the name doppler-ryan.
{F3122718}
Reference: https://hackerone.com/reports/2399386
{F3122743}
The product violates well-established principles for safe design.
A malicious user can create a fake account on that broken redirect link and trick users who arrive at that link.
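The fix for this class of issue is to audit outbound links in the docs before an attacker does. The following script is an added example, not code from the report or from Doppler: it extracts every anchor from a page, resolves it against the page URL, and flags links that resolve to 404 or cannot be reached, marking those on third-party services where the path is a user-claimable account name (here a hypothetical `scheduling.example` host standing in for the scheduling provider, which the report does not name) as high risk. The sample HTML and the status table are constructed so the script runs offline; `fetch_status` is a stub where a real checker would issue an HTTP HEAD request.

```python
"""Broken-link audit for a docs page (added example; hosts, HTML and statuses are constructed)."""
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Constructed base URL and page; the scheduling link path mirrors the
# report's account name but the host is a placeholder, not the real provider.
BASE_URL = "https://docs.example/docs/removal-deprecated-packages-scripts"
SAMPLE_HTML = """
<html><body>
<p>Need help? <a href="https://scheduling.example/doppler-ryan">Schedule a call</a></p>
<p>See also <a href="/docs/other-page">another page</a>.</p>
<p><a href="https://www.example.com/">Home</a></p>
</body></html>
"""

# Constructed stand-in for live HTTP status codes so the example runs offline.
FAKE_STATUS = {
    "https://scheduling.example/doppler-ryan": 404,   # unclaimed profile page
    "https://docs.example/docs/other-page": 200,
    "https://www.example.com/": 200,
}

# Hypothetical list of third-party hosts whose first path segment is a
# registrable account name; a 404 there means anyone can claim it.
CLAIMABLE_HOSTS = ("scheduling.example",)


class LinkExtractor(HTMLParser):
    """Collect href values from <a> tags."""

    def __init__(self):
        super().__init__()
        self.links = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            for name, value in attrs:
                if name == "href" and value:
                    self.links.append(value)


def extract_links(html, base_url):
    """Return absolute URLs for every anchor on the page."""
    parser = LinkExtractor()
    parser.feed(html)
    return [urljoin(base_url, href) for href in parser.links]


def fetch_status(url):
    """Stub: look up the constructed status table (0 = unreachable).
    A real checker would use requests.head(url, allow_redirects=True).status_code."""
    return FAKE_STATUS.get(url, 0)


def audit_links(html, base_url, status_fn=fetch_status, claimable_hosts=CLAIMABLE_HOSTS):
    """Flag dead links; rate third-party account-path links as HIGH risk."""
    own_host = urlparse(base_url).hostname
    findings = []
    for url in extract_links(html, base_url):
        host = urlparse(url).hostname or ""
        status = status_fn(url)
        if status in (0, 404):
            external = host != own_host
            risk = "HIGH" if external and host in claimable_hosts else "MEDIUM"
            findings.append({"url": url, "status": status, "external": external, "risk": risk})
    return findings


if __name__ == "__main__":
    for f in audit_links(SAMPLE_HTML, BASE_URL):
        print(f"[{f['risk']}] {f['url']} -> status {f['status']}")
```

Run this against each published docs page on a schedule; any HIGH finding should be treated as a takeover window and the link removed or re-pointed the same day, since the only thing standing between the dead link and an impersonation page is whoever registers the name first.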