ID H1:745447 Type hackerone Reporter hackerontwowheels Modified 2020-02-19T00:57:06
Description
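It was possible to construct a Steam URL that began with "/tradeoffer/new" and included valid partner and token information, but which was in fact an external link. The crafted URL would be treated by the Steam Chat UI as a trade offer and given special visual treatment. The report states no impact beyond this, but the risk in this class of bug is presentation spoofing: an external link is displayed with the trust cues of a genuine trade offer. The usual defence is to choose a link's presentation from its fully parsed scheme and host, and not from a path prefix or the presence of expected query parameters.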
{"id": "H1:745447", "type": "hackerone", "bulletinFamily": "bugbounty", "title": "Valve: Steam chat - trade offer presentation vulnerability", "description": "It was possible to construct a Steam URL that began with \"/tradeoffer/new\" and included valid partner and token information, but which was in fact an external link. The crafted URL would be treated by the Steam Chat UI as a trade offer and given special visual treatment.", "published": "2019-11-24T19:24:56", "modified": "2020-02-19T00:57:06", "cvss": {"score": 0.0, "vector": "NONE"}, "href": "https://hackerone.com/reports/745447", "reporter": "hackerontwowheels", "references": [], "cvelist": [], "lastseen": "2020-02-19T01:40:21", "viewCount": 3, "enchantments": {"dependencies": {"references": [], "modified": "2020-02-19T01:40:21", "rev": 2}, "score": {"value": 3.3, "vector": "NONE", "modified": "2020-02-19T01:40:21", "rev": 2}, "vulnersScore": 3.3}, "bounty": 750.0, "bountyState": "resolved", "h1team": {"url": "https://hackerone.com/valve", "handle": "valve", "profile_picture_urls": {"small": "https://profile-photos.hackerone-user-content.com/variants/000/023/363/c78d46a7d0ea39e3a15a7c19c1a48634f2571eb9_original.png/3afcb5c896247e7ee8ada31b1c1eb8657e22241f911093acfe4ec7e97a3a959a", "medium": "https://profile-photos.hackerone-user-content.com/variants/000/023/363/c78d46a7d0ea39e3a15a7c19c1a48634f2571eb9_original.png/eb31823a4cc9f6b6bb4db930ffdf512533928a68a4255fb50a83180281a60da5"}}, "h1reporter": {"disabled": false, "username": "hackerontwowheels", "url": "/hackerontwowheels", "profile_picture_urls": {"small": "https://profile-photos.hackerone-user-content.com/variants/000/053/853/6aa6ef0a8fb971644a533e15155818aafead8a93_original.jpg/3afcb5c896247e7ee8ada31b1c1eb8657e22241f911093acfe4ec7e97a3a959a"}, "is_me?": false, "cleared": true, "hackerone_triager": false, "hacker_mediation": false}}