Q2-2023 API ThreatStats™ Report: API Exploits Are Everywhere: from NVIDIA to Reddit and more!
Our Q2-2023 API ThreatStats™ report is out. It provides API builders, defenders, breakers, and decision-makers with a comprehensive look at the API security vulnerabilities, threats and exploits reported this past quarter. This report provides everyone involved in API development, security and...
Internet Bug Bounty: [CVE-2023-27531] Possible Deserialization of Untrusted Data vulnerability in Kredis JSON
A deserialization vulnerability was discovered in the Kredis JSON deserialization code, allowing for the potential deserialization of untrusted data. This could result in unexpected objects being deserialized in the system. The vulnerability has been assigned the CVE identifier CVE-2023-27531...
HackerOne: Draft report exposure via slack alerting system for programs
Vulnerability description not provided...
HackerOne: HackerOne Support System Doesn't Require Any Authentication, Which May Lead to Unauthorized Actions
The HackerOne support system did not require any authentication, allowing anyone to open a support ticket for another user's account. This could potentially lead to unauthorized actions being taken on the account...
HackerOne: Triager/Team members can edit hacker's report and hacker is not even notified
The hacker's report could be edited by a triager or team member without notifying the hacker, compromising the integrity of the report...
Another Critical Unauthenticated SQLi Flaw Discovered in MOVEit Transfer Software
Progress Software has announced the discovery and patching of a critical SQL injection vulnerability in MOVEit Transfer, a popular product for secure file transfer. In addition, Progress Software has patched two other high-severity vulnerabilities. The identified SQL injection vulnerability,...
HackerOne: Usernames still visible in report export PDF despite "I want to redact all usernames" being selected
During a period of approximately one week, a feature was deployed that aimed to redact usernames in the Export PDF function. However, the feature did not account for certain edge cases, resulting in the disclosure of usernames in the exported PDF reports. The vulnerability was identified and...
HackerOne: All HackerOne Private Program Names Leaked to Public via Collaborator, or an Attacker Can Easily Dump All Private Program Names through Collaborator
A vulnerability was discovered in HackerOne that allowed an attacker to obtain the names of private programs. By manipulating the report ID and using the Collaborator feature, the attacker could determine whether a program was private or public. This compromised the confidentiality of private programs...
HackerOne: Inviting a collaborator by email discloses the HackerOne account associated with that user
The new HackerOne collaborator feature allowed users to disclose the HackerOne account associated with an email address without the invitee's interaction...
HackerOne: An attacker can submit a Pentest Opportunity and change the status of the opportunity from submitted to in_review or reviewed
A vulnerability was found where users could create and modify the status of pentest opportunities without going through the intended review process...
HackerOne: RXSS at image.hackerone.live via the `url` parameter
Vulnerability description not provided...
User scoped external storage can be used to gather credentials of other users
None...
System addressbooks can be modified by malicious trusted server
None...
Password reset endpoint is not brute force protected
None...
Open redirect on "Unsupported browser" warning
None...
End-to-End encrypted file-drops can be made inaccessible
None...
Internet Bug Bounty: HTTP Request Smuggling via Empty headers separated by CR
The llhttp parser in the Node.js http module did not strictly use the CRLF sequence to delimit HTTP requests, which allowed HTTP Request Smuggling (HRS). This vulnerability affected all active versions of Node.js...
HackerOne: Internal machine learning API endpoint for CWE classification is vulnerable to path traversal
Vulnerability description not provided...
HackerOne: An attacker can view any hacker's email via the /SaveCollaboratorsMutation operation name
An attacker could view the email of any hacker or normal user on HackerOne by sending a collaborator invitation from a dummy report, thereby disclosing their private email address...
Snowflake NodeJS Driver vulnerable to Command Injection
Issue: Snowflake was informed via our bug bounty program of a command injection vulnerability in the Snowflake NodeJS driver via SSO browser URL authentication. Impacted driver package: snowflake-connector-nodejs. Impacted version range: before version 1.6.21. Attack scenario: In order to exploit the...