Semmle - HackerOne Reports
Total Reports: 13
Critical: 3
High: 2
Medium: 5
Low: 2
All Burp Suite Scan report
Reported by: punitcingh | Disclosed:
Low
Weakness: Security Through Obscurity
CSP : Inline scripts can be inserted
Reported by: darkdude | Disclosed:
Medium
Weakness: Cross-site Scripting (XSS) - Generic
Unprotected Api EndPoints
Reported by: kaushalag29 | Disclosed:
Medium
Weakness: Violation of Secure Design Principles
Docker Registry HTTP API v2 exposed in HTTP without authentication leads to docker images dumping and poisoning
Reported by: thehackerish | Disclosed:
Critical
Weakness: Improper Access Control - Generic
Worker container escape lead to arbitrary file reading in host machine [again]
Reported by: testanull | Disclosed:
Critical
Weakness: Privilege Escalation
Bounty: $2000.00
Privilege escalation in workers container
Reported by: testanull | Disclosed:
High
Weakness: Privilege Escalation
Bounty: $1500.00
Server side includes in https://lgtm-com.pentesting.semmle.net/internal_api/v0.2/savePublicInformation leads to 500 server error and D-DOS
Reported by: zzealsham | Disclosed:
Low
Weakness: Command Injection - Generic
Worker container escape lead to arbitrary file reading in host machine
Reported by: testanull | Disclosed:
Critical
Weakness: Privilege Escalation
Bounty: $2000.00
DOMXSS in redirect param
Reported by: flamezzz | Disclosed:
High
Weakness: Cross-site Scripting (XSS) - DOM
Authenticated Cross-Site-Request-Forgery
Reported by: drspitfire | Disclosed:
Medium
Weakness: Cross-Site Request Forgery (CSRF)
Email Not Completely Deleted after Deleting an account
Reported by: 0xspade | Disclosed:
Weakness: Privacy Violation
Email addresses exposed in getPersonBySlug API
Reported by: haxta4ok00 | Disclosed:
Medium
Bounty: $500.00
the login blocking mechanism does not work correctly
Reported by: aufzayed | Disclosed:
Medium
Weakness: Improper Restriction of Authentication Attempts