Hacker One
added 2023/11/23 12:52 p.m., 143 views

HackerOne: Server Side Request Forgery (SSRF) via Analytics Reports

We recently received a critical server-side request forgery (SSRF) vulnerability report through our bug bounty program. The issue allowed attackers to make internal requests from our application servers by exploiting a lack of output sanitization in an error message. By crafting malicious requests,...

7.1 AI score
Exploits: 0
Nextcloud
added 2023/11/21 5:27 a.m., 38 views

Users can make external storage mount points inaccessible for other users

None...

8.5 CVSS, 7.3 AI score, 0.00582 EPSS
Exploits: 1, References: 2, Affected software: 1
Nextcloud
added 2023/11/21 5:24 a.m., 19 views

user_ldap app logs user passwords in the log file on level debug

None...

4.4 CVSS, 4.7 AI score, 0.0022 EPSS
Exploits: 1, References: 3, Affected software: 1
Nextcloud
added 2023/11/21 5:21 a.m., 39 views

Can enable/disable birthday calendar for any user

None...

4.3 CVSS, 4.7 AI score, 0.00143 EPSS
Exploits: 1, References: 2, Affected software: 1
Nextcloud
added 2023/11/21 5:19 a.m., 30 views

Server-Side Request Forgery (SSRF) in Mail app

None...

9.8 CVSS, 8.7 AI score, 0.00183 EPSS
Exploits: 0, References: 2, Affected software: 1
Nextcloud
added 2023/11/21 5:17 a.m., 22 views

Admins can change authentication details of user configured external storage

None...

2.7 CVSS, 4.4 AI score, 0.00213 EPSS
Exploits: 0, References: 2, Affected software: 1
Hacker One
added 2023/11/06 10:43 a.m., 8 views

HackerOne: [hackerone.com] Program's old handles are not blacklisted like usernames and allows reclaim over past handles for potential abuse

Vulnerability description not provided...

7.1 AI score
Exploits: 0
Hacker One
added 2023/10/27 10:00 a.m., 30 views

HackerOne: Private program name disclosure in the invitation mail for another program

A private program name was disclosed in an invitation email for another program...

7.1 AI score
Exploits: 0
Hacker One
added 2023/10/25 1:58 p.m., 51 views

Internet Bug Bounty: Permission model improperly protects against path traversal in Node.js 20

A path traversal vulnerability was introduced in Node.js 20 due to insufficient patching of CVE-2023-30584. The vulnerability arises because the permission model implementation does not protect itself against the application overwriting built-in utility functions like path.resolve with user-defin...

7.7 CVSS, 8.5 AI score, 0.00657 EPSS
Exploits: 0
Hacker One
added 2023/10/20 9:58 p.m., 55 views

HackerOne: IDOR vulnerability in unreleased HackerOne Copilot feature

An unreleased feature of HackerOne's Copilot was vulnerable to IDOR through a GraphQL mutation. By supplying another user's conversation ID, an attacker could have deleted conversations in the Copilot interface before this issue was addressed...

6.9 AI score
Exploits: 0
Hacker One
added 2023/10/19 9:53 a.m., 61 views

HackerOne: Hacker email disclosed on submission at HackerOne Hacktivity

Vulnerability description not provided...

7.1 AI score
Exploits: 0
Microsoft CVE
added 2023/10/19 7:00 a.m., 50 views

Hackerone: CVE-2023-38545 SOCKS5 heap buffer overflow

...

9.8 CVSS, 9.8 AI score, 0.2625 EPSS
Exploits: 6
Hacker One
added 2023/10/17 3:26 p.m., 31 views

HackerOne: New Search Feature: Search for non-public words in limited disclosure reports

A vulnerability was discovered that allowed an attacker to search for words in limited disclosure vulnerability reports on HackerOne and see if the word existed in the full report, rather than just the limited disclosure portion. This could potentially allow secrets contained within a full report...

6.9 AI score
Exploits: 0
Nextcloud
added 2023/10/16 7:20 a.m., 19 views

Password of talk conversations can be bruteforced

None...

4.3 CVSS, 4.8 AI score, 0.00179 EPSS
Exploits: 0, References: 2, Affected software: 1
Nextcloud
added 2023/10/13 8:09 a.m., 44 views

Improper restriction of excessive authentication attempts on WebDAV endpoint

None...

7.5 CVSS, 7.2 AI score, 0.00239 EPSS
Exploits: 0, References: 2, Affected software: 1
GithubExploit
added 2023/10/12 4:48 p.m., 468 views

Exploit for Out-of-bounds Write in Haxx Libcurl

Quick description This showcases the cURL CVE-2023-38545. It...

9.8 CVSS, 9.6 AI score, 0.2625 EPSS
Exploits: 6
Hacker One
added 2023/10/12 8:33 a.m., 48 views

HackerOne: Organization members can delete reports in teams they have no access to

Reports in teams could be deleted by organization members without access to those teams. The vulnerability allowed deletion of analytics reports for restricted teams through a GraphQL mutation even when members lacked permissions to view or edit those reports...

6.9 AI score
Exploits: 0
Packet Storm
added 2023/10/09 12:00 a.m., 280 views

Kibana Prototype Pollution / Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Kibana Upgrade Assistant Telemetry Collector Prototype Pollution', 'Description' = %q Kibana before version 7.6.3 suffers from a prototype...

7.1 AI score
Exploits: 0
Hacker One
added 2023/09/25 7:08 p.m., 32 views

HackerOne: Google Docs link in JS files allows editing & reading survey information

A Google Docs link was discovered in JavaScript files on a website allowing editing and reading of survey information. The link provided access to edit a survey and view some users' emails and responses...

6.9 AI score
Exploits: 0
Microsoft CVE
added 2023/09/19 7:00 a.m., 278 views

Hackerone: CVE-2023-38039 HTTP headers eat all memory

...

7.5 CVSS, 6.7 AI score, 0.14467 EPSS
Exploits: 1