Trint Ltd: SSO bypass in zendesk using trint organization able to leak internal ticket information

Summary hello there because in app.trint.com there's no email verification i able to login in your zendesk SSO using your organization your organization using domain @trint.com because there's no email verification i able to read and takeover + claim this email [email protected] and i able to...

Trint Ltd: Leak of Internal IP addresses

Summary: The leak of Internal IP Addresses. IP Addresses:- 10.6.96.4 10.6.136.194 10.6.127.182 Assessment: add your assessment of the vulnerability Steps To Reproduce: 1. Open request page of graphql2.trint.com with "getUser" Operation name. 2. Remove "authorization: Bearer" line and error will...

Trint Ltd: IDOR in changing shared file name

Summary: Hi Trind LTD, I have found a IDOR vulnerability in https://app.trint.com . An user can change shared file names through this IDOR. Steps To Reproduce: 1. Create a file from account B 2. Capture the request of renaming the file as shown in sample request 3. Create a file from account A an...