8x8: Disclosure of Users Information On Wordpress Api [https://jitsi.org/]

2020-01-12T17:42:28
ID H1:772778
Type hackerone
Reporter 0xelkomy
Modified 2020-01-23T01:02:40

Description

Jitsi was running a default WordPress site that had not yet been hardened to prevent user enumeration via the API.