HackerOne: Unauthorized user can obtain `report_sources` attribute through Team GraphQL object

Summary: Hi team. And Happy New Year! Description: If I am not mistaken, then through this parameter we can define private programs with an external link. If this parameter is not empty, then the program is private. - "HackerOne Platform" Steps To Reproduce https://hackerone.com/graphql POST:...