hackerone | boy_child_ | H1:947725
Jul 30, 2020 - 9:51 a.m.

Rockset: S3 bucket data at http://rockset-support.s3-us-west-2.amazonaws.com/ reveals user addresses based on latitudes and longitudes.


In the S3 bucket located at http://rockset-support.s3-us-west-2.amazonaws.com/, a file called data.json.15 was found that contains the latitudes and longitudes of user addresses.
{F930036}

Steps to reproduce:

  1. Download the file in the bucket with the command:

       aws s3 sync s3://rockset-support .

  2. Open the file labelled data.json.15.

  3. For each line, there will be a set of latitudes and longitudes. Copy a single pair.
    {F930037}

  4. Open Google Maps, enter the coordinates and click search.
    {F930058}

Impact

Exposing specific user location information violates the privacy policy Rockset states for its users, and allows both targeted phishing attacks and physical risk.
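
A pre-publication check for the kind of exposure reported above, as an added example that is not part of the original report: it scans newline-delimited JSON for latitude/longitude pairs so location data can be caught before a file is placed in a shared bucket. The key names and the sample records are assumptions; the report does not show the file's field names.

```python
import json

# Assumed key spellings; the report does not show the real field names.
LAT_KEYS = {"lat", "latitude"}
LON_KEYS = {"lon", "lng", "long", "longitude"}


def _num(value):
    """Return value as float if it is numeric (or a numeric string), else None."""
    if isinstance(value, bool):
        return None
    try:
        return float(value)
    except (TypeError, ValueError):
        return None


def find_coordinates(node, path="$"):
    """Yield (json_path, lat, lon) for every object holding a plausible pair."""
    if isinstance(node, dict):
        lower = {str(k).lower(): v for k, v in node.items()}
        lat = next((_num(lower[k]) for k in LAT_KEYS if k in lower), None)
        lon = next((_num(lower[k]) for k in LON_KEYS if k in lower), None)
        if lat is not None and lon is not None and abs(lat) <= 90 and abs(lon) <= 180:
            yield path, lat, lon
        for key, value in node.items():
            yield from find_coordinates(value, f"{path}.{key}")
    elif isinstance(node, list):
        for i, value in enumerate(node):
            yield from find_coordinates(value, f"{path}[{i}]")


def scan_json_lines(text):
    """Scan newline-delimited JSON; return [(line_no, json_path, lat, lon)]."""
    hits = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        try:
            record = json.loads(line)
        except json.JSONDecodeError:
            continue  # blank or non-JSON line; a real gate should report these
        hits.extend((line_no, p, la, lo) for p, la, lo in find_coordinates(record))
    return hits


# Constructed sample records, not taken from the reported file.
SAMPLE = """{"user": "u1", "address": {"latitude": 37.7749, "longitude": -122.4194}}
{"user": "u2", "note": "no location here"}
{"events": [{"Lat": "51.5074", "Lng": "-0.1278"}], "lat": 999, "lon": 0}
"""
```

Any non-empty result from scan_json_lines is a reason to hold the file back for review; out-of-range values such as the constructed `"lat": 999` are ignored to cut false positives.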