WindMill 信息泄露漏洞

WindMill is a free open-source tool developed by Lukasavicus’ individual developer. It is used to control the execution of tasks in Python. Versions of WindMill prior to 1.634.6 contained a vulnerability known as “information leakage,” which occurred because the Slack OAuth client token was...

SlackPirate - Slack Enumeration And Extraction Tool - Extract Sensitive Information From A Slack Workspace

This is a tool developed in Python which uses the native Slack APIs to extract 'interesting' information from a Slack workspace given an access token. As of May 2018, Slack has over 8 million customers and that number is rapidly rising - the integration and 'ChatOps' possibilities are endless and...

CVE-2021-30126

Lightmeter ControlCenter 1.1.0 through 1.5.x before 1.5.1 allows anyone who knows the URL of a publicly available Lightmeter instance to access application settings, possibly including an SMTP password and a Slack access token, via a settings HTTP query...

Information Disclosure

laudia-bot-builder is vulnerable to information disclosure. The vulnerability exists because the slack secrets are visible to any request that comes with a slack token allowing a local user to retrieve slack data...

Shipt: Slack token leaking in stackoverflow and devtimes

A Shipt employee inadvertently posted a Slack Webhook URI including the authentication token on two public tech forums: Stackoverflow.com and devtimes.com. While this incoming webhook's configuration was restricted to posting in a single channel created for testing this application and only 2 Shi...

Rocket.Chat: Slack Token exposed over internet (Github)

NOTE! Thanks for submitting a report! Please replace all the square sections below with the pertinent details. Remember, the more detail you provide, the easier it is for us to verify and then potentially issue a bounty, so be sure to take your time filling out the report! Summary: Slack token is...