HackerOne: Lack of cross-origin request blocking allows leaking of sensitive information on several endpoints
Summary: It is possible to make users leak sensitive information on several endpoints by measuring the time certain requests take to be cached. Description: If a request is made to https://hackerone.com/github/weaknesses and the user is logged in, the size of the response will be around 9kb becau...