Uber: Chain of vulnerabilities in Uber for Business Vouchers program allows for attacker to perform arbitrary charges to victim's U4B payment account

We have determined that through a chain of 3 vulnerabilities, it is possible for any U4B user to apply credit card charges or holds to any business using the Vouchers site. These charges originate from Uber and are unsolicited by the victim business, and can be made in any amount of the attacker'...