HackerOne: An attacker can submit a Pentest Opportunity and change the status of the opportunity from submitted to in_review or reviewed
A vulnerability was found where users could create and modify the status of pentest opportunities without going through the intended review process...