Greenhouse


reports in last 90 days
9 disclosed resolved issues
1 disclosed informative issues
0 disclosed N/A issues

Listed on HackerOne — Updated on 2019/10/15

| Bug Title | Bug Type | Found By | Report Info | Report Status |
|---|---|---|---|---|
| Medium: DoS through cache poisoning using invalid HTTP parameters | Denial of Service | irvinlim | Time to triage: 10 Days and 6 hours; Time to close: 10 Days and 0 hours | Resolved |
| Medium: Bypass of request line length limit to DoS via cache poisoning | Denial of Service | irvinlim | Time to triage: 4 Days and 4 hours; Time to close: 82 Days and 3 hours | Resolved |
| Medium: Cache poisoning using NULL bytes and long URLs | Improper Null Termination | irvinlim | Time to triage: 3 Days and 3 hours; Time to close: 29 Days and 20 hours | Resolved |
| Medium: DoS through cache poisoning using invalid HTTP parameters | Denial of Service | irvinlim | Time to triage: 10 Days and 6 hours; Time to close: 10 Days and 0 hours | Resolved |
| No rating: Content Spoofing on link.greenhouse.io | Violation of Secure Design Principles | ahmed_ezzat_nasr0x | Issue was not triaged; Time to close: 119 Days and 7 hours | Resolved |
| High: Open Redirect in <customer>.greenhouse.io | Open Redirect | cyneox | Time to triage: 0 Days and 8 hours; Time to close: 112 Days and 21 hours | Resolved |
| No rating: [greenhouse.io] CRLF Injection / Insecure nginx configuration | None supplied | bobrov | Time to triage: 8 Days and 8 hours; Time to close: 75 Days and 14 hours | Resolved |
| No rating: Subdomain Takeover using blog.greenhouse.io pointing to Hubspot | Cross-site Scripting (XSS) - Generic | fransrosen | Time to triage: 0 Days and 1 hours; Time to close: 0 Days and 13 hours | Resolved |
| No rating: SMTP protection not used (please read carefully) | Improper Authentication - Generic | ashesh | Issue was not triaged; Time to close: 9 Days and 0 hours | Informative |
| No rating: openssh-server Forced Command Handling Information Disclosure Vulnerability on blog.greenhouse.io | Information Disclosure | simon90 | Time to triage: 0 Days and 0 hours; Time to close: 0 Days and 0 hours | Resolved |