1234 matches found
HackerOne: LLM03: Training Data Poisoning via ASCII decoding
Vulnerability description not provided...
HackerOne: Inadequate redaction exposes sensitive information via the “ShareReportViaEmail" GraphQL endpoint
The vulnerability involved inadequate redaction of sensitive information within the HackerOne platform. Specifically, the redaction feature failed to completely obscure data such as JIRA references, which could be accessed through GraphQL requests...
Open redirect in user_saml via RelayState parameter
Vulnerability description not provided...
Improper handling of request URLs in Guests app allows guest users to bypass app allowlist
Vulnerability description not provided...
OAuth2 authorization codes are valid indefinitely
Vulnerability description not provided...
Self XSS when sending HTML as a comment in the Deck app
Vulnerability description not provided...
HackerOne: Program admins could add verified domains to an organization
Program admins could add verified domains to an organization in HackerOne despite lacking organization admin permissions. This allowed program admins to access restricted features and escalate privileges...
GHSA-62JR-84GF-WMG4 Default swagger-ui configuration exposes all files in the module
Impact: The default configuration of @fastify/swagger-ui without baseDir set leads to all files in the module's directory being exposed via the HTTP routes served by the module. Patches: Update to v2.1.0. Workarounds: Use the baseDir option. References: HackerOne report...
HackerOne: Being able to disclose IBB bounty table of any public program
A private Internet Bug Bounty (IBB) bounty table was disclosed. The IBB bounty table contained information about the reward amounts for critical, high, medium, and low vulnerabilities in open-source projects...
HackerOne: Server Side Request Forgery (SSRF) in webhook functionality
A Server Side Request Forgery (SSRF) vulnerability was found in the webhook functionality. The attacker was able to bypass the anti-SSRF protections by using an IPv4-mapped IPv6 address, which allowed unauthorized access to the AWS EC2 instance metadata service...
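The bypass named in the entry above, an anti-SSRF filter that range-checks IPv4 literals but never looks inside an IPv6 literal, shown beside a hardened check that unwraps IPv4-mapped (::ffff:a.b.c.d) and 6to4 addresses before comparing them against the blocklist. This is an added example in Python, not code from the HackerOne report or the affected platform; the blocklists, function names and the sample URLs are assumptions of the example.

```python
"""Anti-SSRF host check for an outbound webhook fetcher.

naive_is_blocked() reproduces the flaw class: only IPv4 literals are
range-checked, so ::ffff:169.254.169.254 (an IPv4-mapped IPv6 literal)
reaches the EC2 instance metadata service. hardened_is_blocked() unwraps
embedded IPv4 first. Added example; the ranges below are an assumption,
not the platform's actual blocklist."""
import ipaddress
from urllib.parse import urlsplit

# Ranges an outbound webhook fetcher should never connect to (assumed list).
BLOCKED_V4 = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8",        # "this" network
    "10.0.0.0/8",       # RFC 1918
    "100.64.0.0/10",    # carrier-grade NAT, common inside cloud VPCs
    "127.0.0.0/8",      # loopback
    "169.254.0.0/16",   # link-local, includes 169.254.169.254 (EC2 metadata)
    "172.16.0.0/12",    # RFC 1918
    "192.168.0.0/16",   # RFC 1918
    "224.0.0.0/4",      # multicast
    "240.0.0.0/4",      # reserved / broadcast
)]
BLOCKED_V6 = [ipaddress.ip_network(n) for n in (
    "::/128",           # unspecified
    "::1/128",          # loopback
    "fc00::/7",         # unique local
    "fe80::/10",        # link-local
    "ff00::/8",         # multicast
)]


def _parse_literal(host):
    """Return an address object for an IP literal, or None for a hostname."""
    try:
        return ipaddress.ip_address(host.strip("[]"))
    except ValueError:
        return None


def naive_is_blocked(host):
    """The flawed check: it only knows IPv4, so any IPv6 literal, including
    an IPv4-mapped one, is waved through to the connection code."""
    addr = _parse_literal(host)
    if addr is None or addr.version != 4:
        return False  # BUG: IPv6 literals never reach the range check
    return any(addr in net for net in BLOCKED_V4)


def unwrap_embedded_ipv4(addr):
    """Reduce IPv6 transition forms to the IPv4 address they encode."""
    if isinstance(addr, ipaddress.IPv6Address):
        if addr.ipv4_mapped is not None:   # ::ffff:a.b.c.d or ::ffff:AABB:CCDD
            return addr.ipv4_mapped
        if addr.sixtofour is not None:     # 2002:AABB:CCDD::/48 encodes a.b.c.d
            return addr.sixtofour
    return addr


def hardened_is_blocked(host):
    """Unwrap embedded IPv4 first, then check the address family's blocklist."""
    addr = _parse_literal(host)
    if addr is None:
        return False  # not a literal; the caller must resolve and re-check
    addr = unwrap_embedded_ipv4(addr)
    ranges = BLOCKED_V4 if addr.version == 4 else BLOCKED_V6
    return any(addr in net for net in ranges)


def is_allowed_webhook_url(url):
    """Scheme and host validation for a user-supplied webhook target.

    Hostnames are rejected here because this example does no DNS. A real
    fetcher resolves the name, runs hardened_is_blocked over every returned
    A/AAAA address, and connects to that exact address so a later
    re-resolution (DNS rebinding) cannot swap in an internal one."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https") or parts.hostname is None:
        return False
    if _parse_literal(parts.hostname) is None:
        return False
    return not hardened_is_blocked(parts.hostname)


if __name__ == "__main__":
    # Constructed sample target: the bypass URL shape from the report class.
    probe = "http://[::ffff:169.254.169.254]/latest/meta-data/"
    host = urlsplit(probe).hostname
    print("naive blocks metadata via mapped v6:", naive_is_blocked(host))
    print("hardened blocks metadata via mapped v6:", hardened_is_blocked(host))
```

The naive filter blocks the dotted-quad form of the metadata address and nothing else; every bypass in the hardened version's tests is the same address written as an IPv6 literal. The unwrap step runs before the family-specific range check, so the blocklists stay plain IPv4 and IPv6 ranges rather than needing a mapped-range entry per IPv4 entry.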
GHSA-HWCC-4CV8-CF3H Snowflake Connector .NET does not properly check the Certificate Revocation List (CRL)
Issue: Snowflake recently received a report about a vulnerability in the Snowflake Connector .NET where the checks against the Certificate Revocation List (CRL) were not performed when the insecureMode flag was set to false, which is the default setting. The vulnerability affects versions between...
Bruteforce protection can be bypassed with misconfigured proxy
Vulnerability description not provided...
Calendar app returns full stacktrace when an error happens while editing appointment
Vulnerability description not provided...
Liberapay: Avatar URL is exposed in patron export for secret donations
The avatar URL was exposed in the patron export for secret donations, which could potentially identify donors who wished to remain anonymous...
HackerOne: How the Arch Angel stole Live Events
A vulnerability in a live hacking event's infrastructure allowed an attacker to impersonate an administrator, close valid bug reports, and disrupt the event. The attacker was able to log in as an administrator and invalidate bug reports, but the event proceeded successfully regardless...
Internet Bug Bounty: curl HSTS long file name clears contents
When curl saved its HSTS data, an excessively long file name caused the file's contents to be cleared, so subsequent requests using that file were unaware of the HSTS status they should have applied. The reason was that curl appended a suffix to...
Brave Android 1.61.100 Security Fixes
Fixed crash when incorrectly handling reward navigation redirects as reported on HackerOne by 0xc4gr1. Upgraded Chromium to 120.0.6099.62 — refer to Google Chrome advisories for inherited CVEs...
HackerOne: Cloud Computer Hackerone Triager can be Accessible for everyone [[email protected]] computer
Vulnerability description not provided...