2 matches found
HackerOne: Team object in GraphQL discloses team group names and permissions
Summary: Hi team. We can disclosed your team member groups ; Description: Because of the communications error, we can disclose the data - teammembergroupsid,name,permissions Steps To Reproduce 1. "query": "query...
HackerOne: External programs revealing info
A bug in an authorization check was found by @1337coder on an endpoint that was showing the members of a team, as well as the team member groups that were set up. Example output: "id":1, "username":"dirk", "name":"dirk", "bio":"", "url":"https://hackerone.com/dirk" , "id":2, "name":"Admin",...