Homebrew


reports in last 90 days

6

disclosed resolved issues

3

disclosed informative issues

0

disclosed N/A issues

Listed on HackerOne — Updated on 2019/10/15

Bug Title Bug Type Found By Report Info Report Status

High Homebrew privilege escalation vulnerability

Privilege Escalation hi_ztz Issue was not triaged


Time to close: 2 Days and 0 hours
Resolved

Medium Email enumeration of users

Information Disclosure pappan Issue was not triaged


Time to close: 0 Days and 3 hours
Resolved

High Homebrew installed LaunchDaemons create simple root esclations

Privilege Escalation keeleysam Issue was not triaged


Time to close: 3 Days and 20 hours
Resolved

Critical GitHub API Key for BrewTestBot is publicly exposed

Information Disclosure ejholmes Time to triage: 0 Days and 2 hours


Time to close: 0 Days and 0 hours
Resolved

Low Sensitive information disclosure via response headers on jenkins.brew.sh

Information Exposure Through an Error Message mrr3boot Issue was not triaged


Time to close: 0 Days and 0 hours
Duplicate

Medium [bot.brew.sh] Full Path Disclosure

Information Disclosure zephrfish Issue was not triaged


Time to close: 0 Days and 0 hours
Resolved

Medium Host header Injection

Violation of Secure Design Principles smit Issue was not triaged


Time to close: 0 Days and 0 hours
Informative

Medium [https://jenkins.brew.sh] Jenkins in Debug Mode with Stack Traces Enabled

Stack Overflow zephrfish Issue was not triaged


Time to close: 0 Days and 0 hours
Resolved

None Server version disclosure on [jenkins.brew.sh]

Information Disclosure neutrinoguy Issue was not triaged


Time to close: 0 Days and 14 hours
Informative

Medium Stack Trace on jenkins.brew.sh

Stack Overflow mrr3boot Issue was not triaged


Time to close: 0 Days and 0 hours
Informative