Lucene search
1234 matches found

Nextcloud
added 2022/08/04 6:25 a.m., 38 views

Missing brute force protection on cloud federation sharing

None...

CVSS 6.5, AI score 5, EPSS 0.00244
Exploits 0, References 2, Affected Software 1
Hacker One
added 2022/07/29 9:46 p.m., 57 views

Ruby on Rails: Incomplete fix for CVE-2022-32209 (XSS in Rails::Html::Sanitizer under certain configurations)

While building a PoC for CVE-2022-32209, I noticed that I could not fix my vulnerable application by updating https://github.com/rails/rails-html-sanitizer from 1.4.2 to 1.4.3, even though the HackerOne report about this vulnerability suggested that this should fix it; see here:...

CVSS 5.8, AI score 6.1, EPSS 0.05478
Exploits 2
Hacker One
added 2022/07/27 6:54 p.m., 21 views

HackerOne: Private Email Address Leak of H1 Researchers.

...

AI score 7.1
Exploits 0
Hacker One
added 2022/07/26 1:41 p.m., 60 views

Internet Bug Bounty: Off-by-slash vulnerability in nodejs.org and iojs.org

Original Report: https://hackerone.com/reports/1631350 The reason for submitting this report is written in the comment of the original report. ---- Summary: Configuration files for Nginx in the nodejs/build repository have multiple off-by-slash misconfigurations. Because nodejs.org and iojs.org are...

AI score 7
Exploits 0
Github Security Blog
added 2022/07/21 8:31 p.m., 79 views

undici before v5.8.0 vulnerable to uncleared cookies on cross-host / cross-origin redirect

Impact: Authorization headers are already cleared on cross-origin redirect in https://github.com/nodejs/undici/blob/main/lib/handler/redirect.js#L189, based on https://github.com/nodejs/undici/issues/872. However, cookie headers, which are sensitive headers and are official headers found in the spec...

CVSS 6.5, AI score 8.1, EPSS 0.00118
Exploits 1, References 10, Affected Software 1
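The advisory above describes a redirect handler that drops Authorization on a cross-origin hop but forwards Cookie unchanged. The following is an added example, not undici's own redirect code: a Node.js function that decides which request headers may follow a redirect, with a constructed "before-fix" strip set that mirrors the reported behaviour (only Authorization removed) beside the hardened set that also removes Cookie. Header names are assumed lower-cased, as Node's http module presents them, and the sample URLs and headers are constructed.

```javascript
// Added example, not undici's own redirect handler: choose which request
// headers may accompany the follow-up request after a redirect.

// Constructed to mirror the behaviour the advisory describes as already in
// place before the fix: only Authorization is dropped on a cross-origin hop.
const STRIP_BEFORE_FIX = new Set(['authorization']);
// Hardened set: credential-bearing headers that must never cross an origin.
const STRIP_HARDENED = new Set(['authorization', 'proxy-authorization', 'cookie']);

// Same origin means identical scheme, host and effective port. URL.origin
// already folds default ports, so https://a.example:443 equals https://a.example,
// and a scheme downgrade (https -> http) counts as a different origin.
function sameOrigin(urlA, urlB) {
  return new URL(urlA).origin === new URL(urlB).origin;
}

// Build the header set for the follow-up request. `location` may be relative,
// so it is resolved against the URL that issued the redirect.
function headersForRedirect(originalUrl, location, headers, strip = STRIP_HARDENED) {
  const target = new URL(location, originalUrl).href;
  const crossOrigin = !sameOrigin(originalUrl, target);
  const out = {};
  for (const [name, value] of Object.entries(headers)) {
    const key = name.toLowerCase();
    if (crossOrigin && strip.has(key)) continue; // never leak credentials across origins
    out[key] = value;
  }
  return { target, crossOrigin, headers: out };
}

// Stand-alone demonstration with constructed input.
const SAMPLE_HEADERS = { authorization: 'Bearer t0k3n', cookie: 'session=abc', accept: 'application/json' };
console.log(headersForRedirect('https://api.example.com/v1/login', 'https://other.example.org/capture', SAMPLE_HEADERS, STRIP_BEFORE_FIX));
console.log(headersForRedirect('https://api.example.com/v1/login', 'https://other.example.org/capture', SAMPLE_HEADERS));
```

Running it shows the difference the advisory is about: with the before-fix set the `cookie` header survives the cross-origin hop, with the hardened set it does not, while a relative `Location` on the same origin keeps every header.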
OSV
added 2022/07/15 7:14 p.m., 16 views

GHSA-376V-XGJX-7MFR fastify-bearer-auth vulnerable to Timing Attack Vector

Impact: fastify-bearer-auth does not securely use crypto.timingSafeEqual. A malicious attacker could estimate the length of one valid bearer token. According to the corresponding RFC 6750, the bearer token has only valid base64 characters, reducing the range of characters for a brute force attack...

CVSS 7.5, AI score 7.4, EPSS 0.00739
Exploits 0, References 7
Github Security Blog
added 2022/07/15 7:14 p.m., 23 views

fastify-bearer-auth vulnerable to Timing Attack Vector

Impact: fastify-bearer-auth does not securely use crypto.timingSafeEqual. A malicious attacker could estimate the length of one valid bearer token. According to the corresponding RFC 6750, the bearer token has only valid base64 characters, reducing the range of characters for a brute force attack...

CVSS 7.5, AI score 7.2, EPSS 0.00739
Exploits 0, References 7, Affected Software 2
Microsoft CVE
added 2022/07/12 7:00 a.m., 485 views

HackerOne: CVE-2022-27776 Insufficiently protected credentials vulnerability might leak authentication or cookie header data

...

CVSS 6.5, AI score 7.6, EPSS 0.00682
Exploits 1
Prion
added 2022/07/06 6:15 p.m., 13 views

Design/Logic Flaw

Nextcloud Mail is a mail app for the Nextcloud home server product. Versions of Nextcloud Mail prior to 1.12.2 were found to be missing user account ownership checks when performing tasks related to mail attachments. Attachments may have been exposed to incorrect system users. It is recommended...

CVSS 4, AI score 4.7, EPSS 0.00153
Exploits 1, References 3, Affected Software 1
HackRead
added 2022/07/04 9:39 p.m., 18 views

HackerOne Fires Employee for Stealing Bug Reports, Collecting Bug Bounties

By Deeba Ahmed. Bug bounty and vulnerability coordination platform HackerOne has fired an employee for using their position to access customers…

AI score 0.8
Exploits 0
Nextcloud
added 2022/07/04 11:08 a.m., 21 views

SMTP Command Injection in iCalendar Attachments to emails via newlines

None...

CVSS 5.4, AI score 4.7, EPSS 0.00779
Exploits 1, References 2, Affected Software 1
The Hacker News
added 2022/07/04 6:38 a.m., 39 views

HackerOne Employee Caught Stealing Vulnerability Reports for Personal Gains

Vulnerability coordination and bug bounty platform HackerOne on Friday disclosed that a former employee at the firm improperly accessed security reports submitted to it for personal gain. "The person anonymously disclosed this vulnerability information outside the HackerOne platform with the goal...

AI score 0.3
Exploits 0
Huntr
added 2022/07/02 3:56 p.m., 22 views

Hyperlink injection in email

BUG: Hyperlink injection in email. SUMMARY: There is no character length limit on the user full name. So, a user can set the full name to a large number of characters and can also put a link URL. DETAILS: 1. Go to the admin account profile and change the full name to the below: Hi, You have...

AI score 0.3
Exploits 0
Hacker One
added 2022/07/01 5:00 p.m., 64 views

HackerOne: June 2022 Incident Report

Intro Since the founding of HackerOne, we have kept a steadfast commitment to disclosing security incidents because we believe that sharing security information far and wide is essential to building a safer internet. HackerOne's culture is to disclose more often, and in more detail than the rest ...

AI score 0.5
Exploits 0
Hacker One
added 2022/06/28 5:29 p.m., 12 views

HackerOne: Disclosing PolicyPageAssetGroup in Private Programs via /graphql `gid://hackerone/PolicyPageAssetGroupsIndex::PolicyPageAssetGroup/{id}`

The vulnerability allowed unauthorized users to retrieve sensitive information about private bug bounty programs on HackerOne, including program names, scope details, and the titles of reports. The issue was promptly addressed by the HackerOne team, who recognized its critical severity and awarde...

AI score 6.6
Exploits 0
Hacker One
added 2022/06/25 5:13 p.m., 20 views

Stripo Inc: Non-revoked API Key Information disclosure via Stripo_report()

Talking about report 983331, where a security researcher reported a secret API key leakage vulnerability in a JavaScript file at Stripo. This report is disclosed on HackerOne, and the team at Stripo forgot to blur the API keys from the report before disclosing it to the public. The API keys...

AI score 6.7
Exploits 0
Github Security Blog
added 2022/06/25 12:00 a.m., 21 views

Code injection in Concrete CMS

Concrete CMS versions 9.0.0 through 9.0.2 and 8.5.7 and below can download zip files over HTTP and execute code from those zip files, which could lead to RCE. Fixed by enforcing ‘concretesecure’ instead of ‘concrete’. Concrete now only makes requests over HTTPS, even if a request comes in via HTTP...

CVSS 9.8, AI score 0.9, EPSS 0.00663
Exploits 0, References 7, Affected Software 1
OSV
added 2022/06/25 12:00 a.m., 15 views

GHSA-6XC4-7FMM-65Q2 Code injection in Concrete CMS

Concrete CMS versions 9.0.0 through 9.0.2 and 8.5.7 and below can download zip files over HTTP and execute code from those zip files, which could lead to RCE. Fixed by enforcing ‘concretesecure’ instead of ‘concrete’. Concrete now only makes requests over HTTPS, even if a request comes in via HTTP...

CVSS 8, AI score 9.6, EPSS 0.00663
Exploits 0, References 7
NVD
added 2022/06/24 3:15 p.m., 14 views

CVE-2022-21829

Concrete CMS versions 9.0.0 through 9.0.2 and 8.5.7 and below can download zip files over HTTP and execute code from those zip files, which could lead to RCE. Fixed by enforcing ‘concretesecure’ instead of ‘concrete’. Concrete now only makes requests over HTTPS, even if a request comes in via HTTP...

CVSS 9.8, EPSS 0.00663
Exploits 0, References 3
OSV
added 2022/06/24 3:15 p.m., 3 views

CVE-2022-21829

Concrete CMS versions 9.0.0 through 9.0.2 and 8.5.7 and below can download zip files over HTTP and execute code from those zip files, which could lead to RCE. Fixed by enforcing ‘concretesecure’ instead of ‘concrete’. Concrete now only makes requests over HTTPS, even if a request comes in via HTTP...

CVSS 9.8, AI score 7.1
Exploits 0, References 3