HackerOne


reports in last 90 days

77

disclosed resolved issues

2

disclosed informative issues

0

disclosed N/A issues

Listed on HackerOne — Updated on 2019/10/15

| Severity | Bug Title | Bug Type | Found By | Report Info | Report Status |
|---|---|---|---|---|---|
| Low | Manipulate hacker profile and private program hacktivity to expose your name as researchers who is actively submitting reports with resolve status | Information Disclosure | japz | Issue was not triaged; Time to close: 66 Days and 19 hours | Resolved |
| Low | Disclosure of Program email Title Report when being removed as contributor. Bypass for Report #645264 | Information Disclosure | hisokamorou | Time to triage: 0 Days and 23 hours; Time to close: 7 Days and 1 hours | Resolved |
| Low | IDOR in Report CSV export discloses the IDs of Custom Field Attributes of Programs | Insecure Direct Object Reference (IDOR) | jobert | Time to triage: 0 Days and 0 hours; Time to close: 4 Days and 22 hours | Resolved |
| Low | [Bypass #645264] Report title disclosure despite the program settings for email notification is set to "No Content" | None supplied | japz | Time to triage: 11 Days and 6 hours; Time to close: 18 Days and 8 hours | Resolved |
| Low | Program Email Notification settings ignored when being added as an external contributor | Information Disclosure | the_arch_angel | Time to triage: 2 Days and 14 hours; Time to close: 18 Days and 13 hours | Resolved |
| Low | Total bounties paid amount is disclosed because of redesign of the Program Profiles | Information Disclosure | asad0x01_ | Time to triage: 13 Days and 16 hours; Time to close: 1 Days and 9 hours | Resolved |
| Low | Race Condition in Flag Submission | Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') | dropper | Time to triage: 0 Days and 0 hours; Time to close: 176 Days and 4 hours | Resolved |
| Medium | Private information exposed through GraphQL filters | Information Disclosure | reigertje | Time to triage: 0 Days and 23 hours; Time to close: 4 Days and 23 hours | Resolved |
| Medium | Custom Field Attributes may be created and updated for customers with Custom Field Trial enabled | Improper Access Control - Generic | jobert | Time to triage: 0 Days and 0 hours; Time to close: 0 Days and 4 hours | Resolved |
| Low | View HackerOne challenge scope before challenge begins | Forced Browsing | neema | Time to triage: 1 Days and 5 hours; Time to close: 66 Days and 12 hours | Resolved |
| Low | Disclosing a private program in an external link if program is paused | None supplied | haxta4ok00 | Time to triage: 7 Days and 3 hours; Time to close: 133 Days and 22 hours | Resolved |
| Medium | Team member with Program permission only can escalate to Admin permission | Privilege Escalation | metnew | Time to triage: 8 Days and 0 hours; Time to close: 2 Days and 22 hours | Resolved |
| No rating | Private Program all members disclosed | Information Disclosure | vulnh0lic | Issue was not triaged; Time to close: 0 Days and 16 hours | Duplicate |
| No rating | HackerOne is still prone to Internet Explorer UXSS | Cross-Site Request Forgery (CSRF) | zombiehelp54 | Issue was not triaged; Time to close: 7 Days and 17 hours | Informative |
| None | www.hackerone.com website CSP "script-src" includes "unsafe-inline" | Violation of Secure Design Principles | rootkid | Issue was not triaged; Time to close: 0 Days and 12 hours | Resolved |
| None | Bypass rate limiting on /users/password (possibly site-wide rate limit bypass?) | Violation of Secure Design Principles | zseano | Time to triage: 21 Days and 14 hours; Time to close: 55 Days and 15 hours | Resolved |
| Low | Information leakage via CSV when content is valid JavaScript | Cross-Site Request Forgery (CSRF) | mikkocarreon | Time to triage: 39 Days and 3 hours; Time to close: 50 Days and 13 hours | Resolved |
| No rating | Race Conditions in Popular reports feature. | Memory Corruption - Generic | shmoo | Time to triage: 0 Days and 5 hours; Time to close: 0 Days and 4 hours | Resolved |
| Low | Subdomain takeover #4 at info.hacker.one | Privilege Escalation | ak1t4 | Time to triage: 8 Days and 12 hours; Time to close: 43 Days and 2 hours | Resolved |
| Low | Content Security Policy not applied to error pages at multiple HackerOne endpoints | Violation of Secure Design Principles | brad07 | Time to triage: 1 Days and 3 hours; Time to close: 118 Days and 16 hours | Resolved |
| Low | Subdomain takeover #3 at info.hacker.one | Privilege Escalation | ak1t4 | Issue was not triaged; Time to close: 6 Days and 23 hours | Resolved |
| Low | Hacker.One Subdomain Takeover | Violation of Secure Design Principles | geekboy | Time to triage: 0 Days and 4 hours; Time to close: 36 Days and 10 hours | Resolved |
| Low | Subdomain takeover at info.hacker.one | Privilege Escalation | ak1t4 | Issue was not triaged; Time to close: 22 Days and 21 hours | Resolved |
| None | HTTP Parameter Pollution using semicolons in iframe element at hackerone.com/careers allows loading external Greenhouse forms | None supplied | kapytein | Time to triage: 0 Days and 1 hours; Time to close: 1 Days and 8 hours | Resolved |
| Low | report id is exposed for undisclosed reports in Hacktivity | Information Disclosure | embedded_submission_form_uuid | Time to triage: 1 Days and 10 hours; Time to close: 4 Days and 2 hours | Informative |