1234 matches found

Nextcloud
added 2024/06/14 2:33 p.m., 23 views

Can access comments and attachments of deleted cards

None...

CVSS 4.3, AI score 5, EPSS 0.00144
Exploits 0, References 2, Affected Software 1

Nextcloud
added 2024/06/14 2:31 p.m., 31 views

Notes app can be tricked into using a received share created before the user logged in

None...

CVSS 4.6, AI score 4.9, EPSS 0.00135
Exploits 0, References 2, Affected Software 1

Nextcloud
added 2024/06/14 2:29 p.m., 21 views

Read-only users can restore old versions

None...

CVSS 4.3, AI score 4.8, EPSS 0.00301
Exploits 0, References 2, Affected Software 1

Nextcloud
added 2024/06/14 2:25 p.m., 23 views

ID4me feature of OpenID connect app available even when disabled

None...

CVSS 6.3, AI score 6.4, EPSS 0.00467
Exploits 1, References 2, Affected Software 1

GitLab Advisory Database
added 2024/06/04 12:00 a.m., 16 views

ActionText ContentAttachment can Contain Unsanitized HTML

Instances of ActionText::Attachable::ContentAttachment included within a rich_text_area tag could potentially contain unsanitized HTML. This has been assigned the CVE identifier CVE-2024-32464. Versions Affected: >= 7.1.0. Not affected: < 7.1.0. Fixed Versions: 7.1.3.4. Impact: This could lead to a...

CVSS 6.1, AI score 6.5, EPSS 0.0028
Exploits 0, References 5, Affected Software 1

Hacker One
added 2024/06/01 1:55 p.m., 39 views

HackerOne: [ Spot Check ] Team members can edit a user's write-up

Team members could edit a user's spot check write-up. The write-up could be modified through a GraphQL request, even though there was no option to edit the write-up in the user interface. This was considered unintended functionality, as HackerOne had previously fixed vulnerabilities where team...

AI score 7.1
Exploits 0

Hacker One
added 2024/06/01 2:57 a.m., 71 views

HackerOne: Improper Authentication - 2FA OTP Reusable

Vulnerability description not provided...

AI score 7.1
Exploits 0

Hacker One
added 2024/05/31 12:38 p.m., 34 views

HackerOne: 2FA requirement bypass when claiming bounty

Vulnerability description not provided...

AI score 7.1
Exploits 0

Hacker One
added 2024/05/29 2:51 p.m., 32 views

HackerOne: [Spot Check] - Ability to disclose metadata about Spot Checks (Number of Hackers + Hackers Criteria) via "SpotCheckSingleQuery"

A vulnerability was discovered that allowed hackers to disclose private metadata about Spot Checks, including the number of hackers and the selection criteria. The vulnerability was triggered by navigating to a specific URL and accessing the "SpotCheckSingleQuery" parameter, which returned this...

AI score 6.9
Exploits 0

Hacker One
added 2024/05/22 2:45 p.m., 25 views

Tools for Humanity: [Meetup][World ID][OIDC] Insufficient Filtering of "state" Parameter in Response Mode form_post leads to XSS and ATO

A lack of proper validation in the state parameter of the World ID OIDC authentication logic allowed the injection of HTML characters into the response body when using form_post as the OIDC response mode. This vulnerability was mitigated by the Content Security Policy (CSP)...

AI score 7.4
Exploits 0

Hacker One
added 2024/05/20 4:30 p.m., 24 views

HackerOne: Program Member Could Duplicate Report To A Non Related Program Original Report

The vulnerability allowed a program member to duplicate a report to a report that was not related to the original program. This could lead to integrity issues, as the duplicate report should only be from reports within the original program...

AI score 6.8
Exploits 0

Hacker One
added 2024/05/05 12:56 p.m., 47 views

HackerOne: Able to Create Testimonials for myself using Sandbox

The vulnerability allowed hackers to create and display self-authored testimonials on their public profiles. This was achieved by creating a sandbox program on HackerOne and inviting an alternate account. The alternate account could submit reports to the sandbox program, and the primary account,...

AI score 7
Exploits 0

Hacker One
added 2024/04/30 7:06 a.m., 29 views

HackerOne: [IDOR] Improper Access Control on Embedded Submission Form

The researcher discovered an improper access control vulnerability that allowed them to access sensitive program information for private/inactive embedded submission forms by leveraging the form's UUID. The researcher used reconnaissance techniques to obtain a list of UUIDs for various private...

AI score 6.6
Exploits 0

Hacker One
added 2024/04/29 8:49 p.m., 24 views

HackerOne: Payload delivery via Social Media urls on H1 profile

The HackerOne platform allowed users to add social media profiles to their profiles, where users could provide their usernames. Due to improper sanitization, users were able to construct their own URLs, except for Twitter, which was sanitized. This allowed attackers to hide malicious payloads behi...

AI score 7
Exploits 0

Hacker One
added 2024/04/23 5:16 p.m., 38 views

HackerOne: Confirmed #2118458: Intentional redirect from www.hackerone.com to domain which is up for sale

The report describes an intentional redirect from www.hackerone.com to a domain that is currently for sale. The report states that the endpoint https://www.hackerone.com/node/9386 automatically redirects to https://www.iotna.com/, and that the domain iotna.com is currently up for sale...

AI score 7
Exploits 0

Hacker One
added 2024/04/18 2:32 p.m., 40 views

HackerOne: Session Not Expire / 2FA Bypass

Vulnerability description not provided...

AI score 7.1
Exploits 0

Hacker One
added 2024/04/15 7:06 a.m., 13 views

HackerOne: Two factor authentication bypass

Vulnerability description not provided...

AI score 7.1
Exploits 0

GithubExploit
added 2024/04/14 11:34 a.m., 87 views

Exploit for CVE-2024-27983

This repository builds up a vulnerable HTTP2 Node.js server se...

CVSS 8.2, AI score 7.2, EPSS 0.75933
Exploits 1

Hacker One
added 2024/04/08 8:41 p.m., 69 views

Internet Bug Bounty: Assertion failed in node::http2::Http2Session::~Http2Session() leads to HTTP/2 server crash

The Node.js HTTP/2 server was affected by a vulnerability that caused it to crash instantly after receiving a small number of HTTP/2 frames. The issue was caused by a race condition that occurred when the Http2Session destructor was triggered while header frames were still being processed, leavin...

CVSS 8.2, AI score 6.3, EPSS 0.75933
Exploits 1

Hacker One
added 2024/04/06 6:41 a.m., 31 views

HackerOne: Any user could upload attachments to pentest scoping form they don't have access to

The root cause of this issue was insufficient access controls implemented in the attachment upload functionality for pentest scoping forms. The endpoint responsible for handling attachment uploads did not properly validate the user's access rights to the specific scoping form, allowing any...

AI score 7
Exploits 0