HackerOne: Security@ email forwarding and Embedded Submission drafts can be used to obtain copy of deleted attachments from other HackerOne users

HackerOne has a number of ways for hackers to submit security vulnerabilities to a program, two of which are through an embedded submission form and through security@ email forwarding. These two features can be exploited to update a report draft created through security@ email forwarding that doe...

HackerOne: Reporter, external users, collaborators can mark sent swag awarded to reporter as unsent

An Insecure Direct Object Reference IDOR vulnerability allow the reporter, external users, and collaborators to mark sent swag that was awarded to the reporter as unsent. This may result in swag being sent multiple times. Proof of concept Follow the steps below to reproduce the vulnerability. sig...

HackerOne: Any user with access to program can resume and suspend HackerOne Gateway

An Insecure Direct Object Reference IDOR vulnerability is present in the UpdateGatewayProgramStateMutation that'd allow an attacker to suspend and resume the HackerOne Gateway feature for any program the user has access to. This includes any private programs that use the Gateway product and have ...