HackerOne: Private Program and bounty details disclosed as part of JSON search response

2015-08-06T15:41:19
ID H1:80936
Type hackerone
Reporter techguynoob
Modified 2015-08-31T04:10:14

Description

Hello HackerOne Team!!!!

A few days ago ████ invited me for Private disclose!!!

Yesterday I saw the fix for this report, #80597.

So I dug deeper into the JSON search response.

For example, I searched this directory:

https://hackerone.com/████

https://hackerone.com/████;

Now I accessed it without authentication and I saw the private program bounty details disclosed as part of the JSON search response!!! So I assume it is registered as a private program on HackerOne!!!

Response :

████base_bounty:████$

████base_bounty:████$