Helium - HackerOne Reports
Total Reports: 11
Critical: 0
High: 5
Medium: 5
Low: 1
Race Condition of Transfer data Credits to Organization Leads to Add Extra free Data Credits to the Organization
Reported by: eissen5c | Disclosed:
Severity: Medium
Weakness: Business Logic Errors
Bounty: $250.00
Read-only user can delete higher privileged members using open DELETE /api/memberships/<membershipID> endpoint
Reported by: chipped | Disclosed:
Severity: Medium
Weakness: Privilege Escalation
Account takeover w/o interaction for a user that doesn't have 2fa enabled via 2fa linking and improper auth at /api/2fa/verify
Reported by: w2w | Disclosed:
Severity: Medium
Weakness: Improper Authentication - Generic
Cleartext Transmission of Sensitive Information Leads to administrator access
Reported by: kdr9666 | Disclosed:
Severity: Medium
Weakness: Cleartext Transmission of Sensitive Information
unpermitted user can change the device name of admin account
Reported by: error___404 | Disclosed:
Severity: High
Read-Only user can delete users
Reported by: amr_ | Disclosed:
Severity: High
Weakness: Insecure Direct Object Reference (IDOR)
HTTP request Smuggling
Reported by: dracomalfoy | Disclosed:
Severity: High
Weakness: HTTP Request Smuggling
SSRF By adding a custom integration on console.helium.com
Reported by: th0roid | Disclosed:
Severity: High
Weakness: Server-Side Request Forgery (SSRF)
Bounty: $500.00
Organization Takeover via invitation API
Reported by: azraelsec | Disclosed:
Severity: Medium
Weakness: Insecure Direct Object Reference (IDOR)
Bounty: $100.00
Organization Takeover
Reported by: azraelsec | Disclosed:
Severity: High
Weakness: Improper Access Control - Generic
Bounty: $500.00
Hyperlink Injection on Email Invitation
Reported by: eissen5c | Disclosed:
Severity: Low
Weakness: Open Redirect
Bounty: $50.00