{"id": "H1:547", "hash": "3d9e8ae6cd8bc565c94c22bf89394461", "type": "hackerone", "bulletinFamily": "bugbounty", "title": "HackerOne: CSRF login", "description": "1) Attacker creates a fake account and changes e-mail\r\n2) The e-mail confirmation link can now be used to CSRF login someone into the fake account, then monitor actions performed by the victim or even interact with him.\r\n\r\n\r\n", "published": "2014-01-03T11:22:33", "modified": "2014-01-13T16:42:18", "cvss": {"score": 0.0, "vector": "NONE"}, "href": "https://hackerone.com/reports/547", "reporter": "andrisatteka", "references": [], "cvelist": [], "lastseen": "2018-04-19T17:34:11", "history": [{"bulletin": {"id": "H1:547", "hash": "76b6cdee288921b32948505d6acbf9c2bb705738599170e5bbeead0d29571292", "type": "hackerone", "bulletinFamily": "bugbounty", "title": "HackerOne: CSRF login", "description": "1) Attacker creates a fake account and changes e-mail\r\n2) The e-mail confirmation link can now be used to CSRF login someone into the fake account, then monitor actions performed by the victim or even interact with him.\r\n\r\n\r\n", "published": "2014-01-03T11:22:33", "modified": "2014-01-13T16:42:18", "cvss": {"score": 0.0, "vector": "NONE"}, "href": "https://hackerone.com/reports/547", "reporter": "andrisatteka", "references": [], "cvelist": [], "lastseen": "2018-02-07T16:58:00", "history": [], "viewCount": 26, "enchantments": {"score": {"value": 2.8, "vector": "AV:N/AC:M/Au:M/C:N/I:P/A:N/", "modified": "2018-02-07T16:58:00"}}, "objectVersion": "1.4", "bounty": 100.0, "bountyState": "resolved", "h1team": {"profile_picture_urls": {"small": "https://profile-photos.hackerone-user-content.com/production/000/000/013/68fea1fe00dc833f4109e015738af4b374727e56_small.png?1445331713", "medium": "https://profile-photos.hackerone-user-content.com/production/000/000/013/28af2ada2cc00aa9427504fc5a14f587362df84b_medium.png?1445331713"}, "url": "https://hackerone.com/security", "handle": "security"}, "h1reporter": {"hacker_mediation": false, "username": "andrisatteka", "hackerone_triager": false, "profile_picture_urls": {"small": "/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png"}, "disabled": false, "url": "/andrisatteka", "is_me?": false}}, "lastseen": "2018-02-07T16:58:00", "edition": 4, "differentElements": ["h1team"]}, {"bulletin": {"id": "H1:547", "hash": "b38f59169ef9d4ce591792b868991f9d4b1cc297c3990827d3ed3e934bd72359", "type": "hackerone", "bulletinFamily": "bugbounty", "title": "HackerOne: CSRF login", "description": "1) Attacker creates a fake account and changes e-mail\r\n2) The e-mail confirmation link can now be used to CSRF login someone into the fake account, then monitor actions performed by the victim or even interact with him.\r\n\r\n\r\n", "published": "2014-01-03T11:22:33", "modified": "1970-01-01T00:00:00", "cvss": {"score": 0.0, "vector": "NONE"}, "href": "https://hackerone.com/reports/547", "reporter": "andrisatteka", "references": [], "cvelist": [], "lastseen": "2017-08-22T11:09:38", "history": [], "viewCount": 14, "enchantments": {}, "objectVersion": "1.4", "bounty": 100.0, "bountyState": "resolved", "h1team": {"profile_picture_urls": {"small": "https://profile-photos.hackerone-user-content.com/production/000/000/013/68fea1fe00dc833f4109e015738af4b374727e56_small.png?1445331713", "medium": "https://profile-photos.hackerone-user-content.com/production/000/000/013/28af2ada2cc00aa9427504fc5a14f587362df84b_medium.png?1445331713"}, "url": "https://hackerone.com/security", "handle": "security"}, "h1reporter": {"hacker_mediation": false, "username": "andrisatteka", "profile_picture_urls": {"small": "/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png"}, "url": "/andrisatteka", "disabled": false}}, "lastseen": "2017-08-22T11:09:38", "edition": 1, "differentElements": ["h1reporter"]}, {"bulletin": {"id": "H1:547", "hash": "4aafe820f585956f2473333c7ece86799fc1fae474b63876de995694e82f0e3b", "type": "hackerone", "bulletinFamily": "bugbounty", "title": "HackerOne: CSRF login", "description": "1) Attacker creates a fake account and changes e-mail\r\n2) The e-mail confirmation link can now be used to CSRF login someone into the fake account, then monitor actions performed by the victim or even interact with him.\r\n\r\n\r\n", "published": "2014-01-03T11:22:33", "modified": "1970-01-01T00:00:00", "cvss": {"score": 0.0, "vector": "NONE"}, "href": "https://hackerone.com/reports/547", "reporter": "andrisatteka", "references": [], "cvelist": [], "lastseen": "2017-08-28T23:19:23", "history": [], "viewCount": 14, "enchantments": {}, "objectVersion": "1.4", "bounty": 100.0, "bountyState": "resolved", "h1team": {"profile_picture_urls": {"small": "https://profile-photos.hackerone-user-content.com/production/000/000/013/68fea1fe00dc833f4109e015738af4b374727e56_small.png?1445331713", "medium": "https://profile-photos.hackerone-user-content.com/production/000/000/013/28af2ada2cc00aa9427504fc5a14f587362df84b_medium.png?1445331713"}, "url": "https://hackerone.com/security", "handle": "security"}, "h1reporter": {"hacker_mediation": false, "username": "andrisatteka", "profile_picture_urls": {"small": "/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png"}, "disabled": false, "url": "/andrisatteka", "is_me?": false}}, "lastseen": "2017-08-28T23:19:23", "edition": 2, "differentElements": ["modified"]}, {"bulletin": {"id": "H1:547", "hash": "afaad29e7241d0b4f599a140f2aced25c85db1cb66c1415b85d0e9a5312d562f", "type": "hackerone", "bulletinFamily": "bugbounty", "title": "HackerOne: CSRF login", "description": "1) Attacker creates a fake account and changes e-mail\r\n2) The e-mail confirmation link can now be used to CSRF login someone into the fake account, then monitor actions performed by the victim or even interact with him.\r\n\r\n\r\n", "published": "2014-01-03T11:22:33", "modified": "2014-01-13T16:42:18", "cvss": {"score": 0.0, "vector": "NONE"}, "href": "https://hackerone.com/reports/547", "reporter": "andrisatteka", "references": [], "cvelist": [], "lastseen": "2017-08-29T13:11:25", "history": [], "viewCount": 26, "enchantments": {"score": {"value": 6.8, "modified": "2017-08-29T13:11:25"}}, "objectVersion": "1.4", "bounty": 100.0, "bountyState": "resolved", "h1team": {"profile_picture_urls": {"small": "https://profile-photos.hackerone-user-content.com/production/000/000/013/68fea1fe00dc833f4109e015738af4b374727e56_small.png?1445331713", "medium": "https://profile-photos.hackerone-user-content.com/production/000/000/013/28af2ada2cc00aa9427504fc5a14f587362df84b_medium.png?1445331713"}, "url": "https://hackerone.com/security", "handle": "security"}, "h1reporter": {"hacker_mediation": false, "username": "andrisatteka", "profile_picture_urls": {"small": "/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png"}, "disabled": false, "url": "/andrisatteka", "is_me?": false}}, "lastseen": "2017-08-29T13:11:25", "edition": 3, "differentElements": ["h1reporter"]}], "viewCount": 28, "enchantments": {"score": {"value": 1.2, "vector": "NONE", "modified": "2018-04-19T17:34:11"}, "dependencies": {"references": [], "modified": "2018-04-19T17:34:11"}, "vulnersScore": 1.2}, "objectVersion": "1.4", "bounty": 100.0, "bountyState": "resolved", "h1team": {"profile_picture_urls": {"small": "https://profile-photos.hackerone-user-content.com/000/000/013/68fea1fe00dc833f4109e015738af4b374727e56_small.png?1445331713", "medium": "https://profile-photos.hackerone-user-content.com/000/000/013/28af2ada2cc00aa9427504fc5a14f587362df84b_medium.png?1445331713"}, "url": "https://hackerone.com/security", "handle": "security"}, "h1reporter": {"hacker_mediation": false, "username": "andrisatteka", "hackerone_triager": false, "profile_picture_urls": {"small": "/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png"}, "disabled": false, "url": "/andrisatteka", "is_me?": false}, "_object_type": "robots.models.hackerone.HackerOneBulletin", "_object_types": ["robots.models.hackerone.HackerOneBulletin", "robots.models.base.Bulletin"]}

{}