LinkedIn - HackerOne Reports
View on HackerOne
Total Reports: 45
Critical: 3
High: 8
Medium: 24
Low: 7
Delete any LinkedIn comment on learning API of other users
Reported by: encodedguy | Disclosed: | Severity: Medium
Weakness: Improper Access Control - Generic
Information disclosure by sending a GIF
Reported by: qualw1n | Disclosed: | Severity: Medium
Weakness: Client-Side Enforcement of Server-Side Security
Attacker can unpin posts from companies he's not part of.
Reported by: spaceboy20 | Disclosed: | Severity: Low
An attacker can submit arbitrary projects to their service accounts and obtain full information on projects of other users.
Reported by: marvelmaniac | Disclosed: | Severity: High
Weakness: Insecure Direct Object Reference (IDOR)
IDOR allows an attacker to delete anyone's featured photo.
Reported by: adilnbabras | Disclosed: | Severity: Medium
Weakness: Insecure Direct Object Reference (IDOR)
The software does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame, making it more su
Reported by: suryasnn | Disclosed: | Severity: Medium
Weakness: Improper Restriction of Authentication Attempts
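The weakness class in the report above (CWE "Improper Restriction of Authentication Attempts") is fixed by counting failures on the server and refusing further attempts once a threshold is hit. The following is an added example written for this page, not LinkedIn's code and not taken from the report: it keys the counter on (account, source IP), uses a sliding window, locks the key out for a fixed period after too many failures, and rejects even a correct password while the lockout is active. The window, thresholds, the constructed user store and the injectable clock are all assumptions made here so the logic can be run offline.

```python
"""Server-side throttle for failed logins (added example, not LinkedIn or HackerOne code).

Assumed policy (not from the report): at most MAX_FAILURES failed attempts per
(username, source IP) inside a WINDOW_SECONDS sliding window; exceeding it locks
that key for LOCKOUT_SECONDS. A correct password during the lockout is still refused,
otherwise an attacker could keep guessing and only the final, correct guess would land.
"""
from collections import deque
import hmac
import time

WINDOW_SECONDS = 300     # assumption: 5-minute sliding window
MAX_FAILURES = 5         # assumption: failures allowed inside the window
LOCKOUT_SECONDS = 900    # assumption: 15-minute lockout once the limit is hit


class FailedAuthThrottle:
    def __init__(self, clock=time.monotonic):
        self._clock = clock          # injectable so tests can move time forward
        self._failures = {}          # key -> deque of failure timestamps
        self._locked_until = {}      # key -> monotonic time when the lockout ends

    def _recent_failures(self, key, now):
        q = self._failures.setdefault(key, deque())
        while q and now - q[0] > WINDOW_SECONDS:   # drop failures outside the window
            q.popleft()
        return q

    def is_locked(self, key):
        now = self._clock()
        until = self._locked_until.get(key)
        if until is None:
            return False
        if now < until:
            return True
        # Lockout expired: clear state so the key starts with a clean window.
        del self._locked_until[key]
        self._failures.pop(key, None)
        return False

    def record_failure(self, key):
        """Register a failed attempt; returns True when this failure triggers a lockout."""
        now = self._clock()
        q = self._recent_failures(key, now)
        q.append(now)
        if len(q) >= MAX_FAILURES:
            self._locked_until[key] = now + LOCKOUT_SECONDS
            return True
        return False

    def record_success(self, key):
        self._failures.pop(key, None)


# Constructed credential store for the demo; a real system stores password hashes.
USERS = {"alice": "correct horse battery staple"}


def login(throttle, username, password, source_ip):
    """Return 'locked', 'ok' or 'bad'. The lockout check runs before the password check."""
    key = (username, source_ip)
    if throttle.is_locked(key):
        return "locked"
    stored = USERS.get(username)
    # Constant-time comparison so a wrong password does not leak how many bytes matched.
    if stored is not None and hmac.compare_digest(stored.encode(), password.encode()):
        throttle.record_success(key)
        return "ok"
    throttle.record_failure(key)
    return "bad"
```

Keying on (username, IP) blocks a single-source brute force without letting one attacker lock a victim out of every session; a credential-stuffing run spread across many IPs still needs a per-account or global counter on top, which this example deliberately leaves out.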
[ADMIN FEATURE ACCESS] Knowing the competitors analytics of any company
Reported by: mainteemoforfun | Disclosed: | Severity: Medium
Weakness: Insecure Direct Object Reference (IDOR)
IDOR - Delete technical skill assessment result & gained badges result of any user
Reported by: sachin_kr | Disclosed: | Severity: Medium
Deny Admin from Editing LinkedIn Company Page using Gen Form Visibility via POST /voyager/api/voyagerOrganizationDashCompanies/{id}
Reported by: domg | Disclosed: | Severity: Medium
Weakness: Improper Access Control - Generic
Attackers can create unlimited jobs by paying a low price `( Rp. 10,000 )` from the original lowest price of around **Rp 93,151**
Reported by: find_me_here | Disclosed: | Severity: Medium
Weakness: Insecure Direct Object Reference (IDOR)
Forced OAuth authorization using button ID in hash and holding space
Reported by: j0r1an | Disclosed: | Severity: Medium
Weakness: Improper Authentication - Generic
Can access the job name, creator name and can report any draft/under review/rejected job
Reported by: sachin_kr | Disclosed: | Severity: Medium
Weakness: Insecure Direct Object Reference (IDOR)
Bypass two-factor authentication.
Reported by: spaceboy20 | Disclosed: | Severity: Medium
Weakness: Improper Authentication - Generic
CSRF that makes any user send invitations to the attacker by simply clicking on a link.
Reported by: marvelmaniac | Disclosed: | Severity: Medium
Weakness: Cross-Site Request Forgery (CSRF)
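A state-changing action that fires from a plain link means the endpoint accepted a GET, or a POST without any proof that the request came from the site's own page. The block below is an added example for this page, not LinkedIn's invitation endpoint and not from the report: it models requests as plain dicts and places a deliberately vulnerable handler beside a hardened one that requires POST, checks the Origin (or Referer) against an assumed site origin, honours the Sec-Fetch-Site header when a browser sends it, and compares a per-session CSRF token in constant time. The origin, the request shapes and the session object are assumptions made here.

```python
"""CSRF on a 'send invitation' endpoint: vulnerable vs hardened handler (added example,
not LinkedIn or HackerOne code). Requests are modelled as dicts so it runs offline."""
import hmac
import secrets
from urllib.parse import urlsplit

SITE_ORIGIN = "https://app.example.test"   # assumption: the application's own origin


class Session:
    """Authenticated session; the CSRF token is bound to it, never to the URL."""
    def __init__(self, user_id):
        self.user_id = user_id
        self.csrf_token = secrets.token_urlsafe(32)


def send_invitation_vulnerable(session, request):
    """Vulnerable: any request carrying the session cookie sends an invite, even a GET
    triggered by an <img> or link on an attacker's page."""
    target = request["params"].get("to") or request.get("form", {}).get("to")
    return ("invited", target)


def _same_origin(url):
    """Exact scheme+host comparison; a startswith() check would accept
    https://app.example.test.evil.example."""
    if not url:
        return False
    want = urlsplit(SITE_ORIGIN)
    got = urlsplit(url)
    return (got.scheme, got.netloc) == (want.scheme, want.netloc)


def send_invitation_hardened(session, request):
    """Reject anything that is not a same-origin POST carrying the session's CSRF token."""
    if request["method"] != "POST":
        return ("rejected", "method")          # GET must never change state
    headers = request.get("headers", {})
    fetch_site = headers.get("Sec-Fetch-Site")
    if fetch_site is not None and fetch_site not in ("same-origin", "none"):
        return ("rejected", "fetch-site")      # browser says it was a cross-site request
    if not _same_origin(headers.get("Origin") or headers.get("Referer")):
        return ("rejected", "origin")
    token = request.get("form", {}).get("csrf_token", "")
    if not hmac.compare_digest(token, session.csrf_token):
        return ("rejected", "token")
    return ("invited", request["form"]["to"])


# Constructed requests. The first is the 'just click a link' case from the report title.
def attacker_link_request():
    return {"method": "GET", "headers": {"Referer": "https://attacker.example/"},
            "params": {"to": "attacker-profile"}}


def attacker_form_post_request():
    # Auto-submitted cross-site form: browser attaches the cookie but not the token.
    return {"method": "POST",
            "headers": {"Origin": "https://attacker.example", "Sec-Fetch-Site": "cross-site"},
            "params": {}, "form": {"to": "attacker-profile"}}


def legitimate_request(session):
    return {"method": "POST",
            "headers": {"Origin": SITE_ORIGIN, "Sec-Fetch-Site": "same-origin"},
            "params": {}, "form": {"to": "colleague", "csrf_token": session.csrf_token}}
```

The token check is what carries the defence; the Origin and Sec-Fetch-Site checks are cheap extra layers that also catch a token that leaked through a separate bug. SameSite cookies help as well but are set by the cookie layer, not by the handler, so they are not modelled here.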
Improper access control on LinkedIn Page
Reported by: cipherai | Disclosed: | Severity: Low
Weakness: Improper Access Control - Generic
“See who’s interested in working for your company” - security issue
Reported by: headhunter | Disclosed: | Severity: Medium
Weakness: Information Disclosure
Anyone can view the results of LinkedIn skill test - if failed to earn a badge or if the badge earned is kept private: both cases results can be viewed
Reported by: marvelmaniac | Disclosed: | Severity: Medium
Weakness: Insecure Direct Object Reference (IDOR)
Can delete other user's post and company page post
Reported by: anandpingsafe | Disclosed: |
Weakness: Improper Access Control - Generic
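Several reports on this page share one root cause: a delete endpoint (learning comment, featured photo, skill assessment result, member post, company page post) looked up the object by a client-supplied id and never asked whether the caller was allowed to touch it. The block below is an added example for this page, not LinkedIn's code and not from any of the reports: it models those objects as a generic resource with an owner and an optional organisation, places the vulnerable handler beside a hardened one, and has the hardened one answer "not found" for both a missing id and a forbidden id so the endpoint is not an oracle for guessing valid ids. The store, the resource kinds and the admin role model are assumptions made here.

```python
"""Ownership checks on a delete endpoint: vulnerable vs hardened (added example, not
LinkedIn or HackerOne code). Resource ids arrive from the client, as in an IDOR."""
from dataclasses import dataclass, field
from typing import Dict, Optional, Set


@dataclass
class Resource:
    kind: str                      # "comment", "featured_photo", "post", "company_post", ...
    owner_id: str                  # member who created it
    org_id: Optional[str] = None   # set for company page content, else None


@dataclass
class Store:
    resources: Dict[str, Resource] = field(default_factory=dict)
    org_admins: Dict[str, Set[str]] = field(default_factory=dict)   # org_id -> admin members


def delete_vulnerable(store, actor_id, resource_id):
    """Vulnerable: existence is the only check; actor_id is never consulted."""
    if resource_id not in store.resources:
        return "not_found"
    del store.resources[resource_id]
    return "deleted"


def can_delete(store, actor_id, res):
    """Assumed policy: the owner may delete, and admins of the owning organisation may
    delete company page content. Anyone else may not."""
    if res.owner_id == actor_id:
        return True
    if res.org_id is not None and actor_id in store.org_admins.get(res.org_id, set()):
        return True
    return False


def delete_hardened(store, actor_id, resource_id):
    """Authorisation is evaluated on the loaded object, not on the id the client sent.
    Missing and forbidden both return 'not_found' so probing ids learns nothing."""
    res = store.resources.get(resource_id)
    if res is None or not can_delete(store, actor_id, res):
        return "not_found"
    del store.resources[resource_id]
    return "deleted"


def seed_store():
    """Constructed data: alice's comment and photo, a company post owned by bob."""
    store = Store()
    store.resources["c1"] = Resource("comment", "alice")
    store.resources["fp1"] = Resource("featured_photo", "alice")
    store.resources["cp1"] = Resource("company_post", "bob", org_id="org-1")
    store.org_admins["org-1"] = {"bob", "carol"}
    return store
```

Returning 404 for forbidden objects is a trade-off: it hides which ids exist but can confuse legitimate users who lost a permission. Log the authorisation failure server-side either way, since a burst of such failures from one actor is exactly the signal an IDOR hunt produces.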
Privilege Escalation - "Analyst" Role Can View Email Domains of a Company - [GET /voyager/api/voyagerOrganizationDashEmailDomainMappings]
Reported by: naaash | Disclosed: | Severity: Medium
Weakness: Privilege Escalation