HackerOne: The /reports/:id.json endpoint discloses potentially sensitive user attributes when reporter summary is present
The /reports/:id.json endpoint disclosed potentially sensitive user attributes, including the reporter's email, OTP backup codes, phone number, graphqlsecrettoken, and t-shirt size when a reporter summary was present...
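
A regression check for this class of leak, as an added example that is not HackerOne's code: it walks a parsed JSON response, reports the path of every sensitive attribute named above, and then shows an allowlist serializer removing them. The `summaries`/`user` nesting, the snake_case key spellings and the public field list are assumptions, and the sample document is constructed.

```ruby
require "json"

# Attributes named in the summary, normalized (lowercase, no separators) so
# assumed spellings such as "graphql_secret_token" match as well.
SENSITIVE = %w[email otpbackupcodes phonenumber graphqlsecrettoken tshirtsize].freeze
PUBLIC_USER_FIELDS = %w[id username].freeze # assumed public fields

def normalize(key)
  key.to_s.downcase.gsub(/[^a-z0-9]/, "")
end

# Return the path of every sensitive key at any depth of a parsed JSON document.
def sensitive_paths(node, path = "")
  case node
  when Hash
    node.flat_map do |key, value|
      here = path.empty? ? key.to_s : "#{path}.#{key}"
      hit = SENSITIVE.include?(normalize(key)) ? [here] : []
      hit + sensitive_paths(value, here)
    end
  when Array
    node.each_with_index.flat_map { |v, i| sensitive_paths(v, "#{path}[#{i}]") }
  else
    []
  end
end

# Allowlist serialization: only fields listed in PUBLIC_USER_FIELDS can reach
# the response, whatever else the user record carries.
def harden(report)
  summaries = report.fetch("summaries", []).map do |s|
    s.merge("user" => s.fetch("user", {}).slice(*PUBLIC_USER_FIELDS))
  end
  report.merge("summaries" => summaries)
end

# Constructed sample response; shape and values are illustrative only.
LEAKY = JSON.parse(<<~DOC)
  {"id": 1, "title": "constructed report",
   "summaries": [{"category": "researcher", "content": "constructed summary",
     "user": {"id": 7, "username": "example_reporter",
              "email": "reporter@example.invalid",
              "otp_backup_codes": ["0000-0000"], "phone_number": "+1-555-0100",
              "graphql_secret_token": "CONSTRUCTED", "tshirt_size": "M"}}]}
DOC

puts sensitive_paths(LEAKY)                 # one path per leaked attribute
puts sensitive_paths(harden(LEAKY)).empty?  # allowlisted response is clean
```

Running `sensitive_paths` over recorded responses in a request spec, once with and once without a reporter summary, catches fields that only appear on one code path.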