HackerOne: Users querying dim_hacker_reports table through Analytics API can determine data from dim_reports table using WHERE or HAVING query

The Analytics API query builder was vulnerable to a confusion attack that allowed users to query data from the dimreports table using a WHERE or HAVING clause with a FILTER in the HackerOne Analytics Query Language HAQL. This was possible because the dimreports and dimhackerreports tables both...