Homebrew - HackerOne Reports
Total Reports: 14
Critical: 2
High: 2
Medium: 6
Low: 3
clickjacking at brew.sh
Reported by: sai545 | Disclosed:
Severity: Low
Weakness: UI Redressing (Clickjacking)
Brew bootstrap process is insecure
Reported by: nightwatch-cybersecurity | Disclosed:
Severity: Medium
Weakness: Code Injection
Host header Injection
Reported by: sumit7 | Disclosed:
Severity: Medium
Weakness: Violation of Secure Design Principles
Email enumeration of users
Reported by: pappan | Disclosed:
Severity: Medium
Weakness: Information Disclosure
Server version disclosure on [jenkins.brew.sh]
Reported by: neutrinoguy | Disclosed:
Weakness: Information Disclosure
Broken parsing of Git diff allows an attacker to inject arbitrary Ruby scripts to Casks on official taps
Reported by: ryotak | Disclosed:
Severity: Critical
GitHub API Key for BrewTestBot is publicly exposed
Reported by: ejholmes | Disclosed:
Severity: Critical
Weakness: Information Disclosure
[bot.brew.sh] Full Path Disclosure
Reported by: zephrfish | Disclosed:
Severity: Medium
Weakness: Information Disclosure
Sensitive information disclosure via response headers on jenkins.brew.sh
Reported by: mrnull1337 | Disclosed:
Severity: Low
Weakness: Information Exposure Through an Error Message
Bypass of the installation sandbox by injecting keystrokes with TIOCSTI
Reported by: gedwards | Disclosed:
Severity: Low
Weakness: Improper Access Control - Generic
[https://jenkins.brew.sh] Jenkins in Debug Mode with Stack Traces Enabled
Reported by: zephrfish | Disclosed:
Severity: Medium
Weakness: Stack Overflow
Homebrew privilege escalation vulnerability
Reported by: hi_ztz | Disclosed:
Severity: High
Weakness: Privilege Escalation
Homebrew installed LaunchDaemons create simple root escalations
Reported by: keeleysam | Disclosed:
Severity: High
Weakness: Privilege Escalation
Stack Trace on jenkins.brew.sh
Reported by: mrnull1337 | Disclosed:
Severity: Medium
Weakness: Stack Overflow