3202 matches found
HackerOne: GraphQL sessions aren't immediately invalidated when user password is changed
Summary: While changing password, once user clicks on "Change password" button after giving necessary values, on https://hackerone.com/settings/pass/edit, the session expires and the user is redirected to https://hackerone.com/users/signin for logging in again with the updated/changed password. A...
New Relic: [NR Infrastructure] Bypass of #200576 through GraphQL query abuse - allows restricted user access to root account license key
@jonbottarini discovered an issue with our GraphQL implementation. This allowed a user without the proper authorization access to privileged account information on the same account. The writeup for this issue can read here: https://labs.detectify.com/2018/03/14/graphql-abuse/...