3 matches found
HackerOne: report id is exposed for undisclosed reports in Hacktivity
Summary: This is similar to https://hackerone.com/reports/127620 where the report ID of an undisclosed report is visible on a GraphQL query. Description: The new Hacktivity GraphQL query includes undisclosed reports, but part of the query result is the report ID, which is included in private information...
HackerOne: Partial disclosure of undisclosed programs through <meta> tags
Summary: Report pages contain tags that contain the description of the report. New browsers create thumbnails of recently visited pages that display the content of the tags. Since the meta tags contain the contents of the report, private report contents are partially disclosed. Description: Moder...
HackerOne: Search query text, including from potentially undisclosed reports, sent to Google Analytics on Inbox query page
Summary: Search query text, including from potentially undisclosed reports, sent to Google Analytics on Inbox query page Description Include Impact: Since search query text can both include content of private vulnerabilities, it shouldn't be sent to Google Analytics. Furthermore, the information...