HackerOne: [Spot Check] - Ability to disclose metadata about Spot Checks (Number of Hackers + Hackers Criteria) via "SpotCheckSingleQuery"

A vulnerability was discovered that allowed hackers to disclose private metadata about Spot Checks, including the number of hackers and the selection criteria. The vulnerability was triggered by navigating to a specific URL and accessing the "SpotCheckSingleQuery" parameter, which returned this...