Slack - HackerOne Reports
80 total reports: 8 Critical, 14 High, 19 Medium, 13 Low
Slack DTLS uses a private key that is in the public domain, which may lead to SRTP stream hijack
Reported by: sandrogauci | Disclosed:
Severity: High
Weakness: Use of Hard-coded Cryptographic Key
Bounty: $2000.00
Lack of URL normalization renders Blocked-Previews feature ineffectual
Reported by: jub0bs | Disclosed:
Severity: Medium
Weakness: Security Through Obscurity
Bounty: $1000.00
Unauthorized access to GovSlack
Reported by: violet | Disclosed:
Severity: Medium
Weakness: Improper Authentication - Generic
Bounty: $1500.00
Real Time Error Logs Through Debug Information
Reported by: rubaljain | Disclosed:
Severity: High
Weakness: Information Exposure Through Debug Information
CSS Injection to disable app & potential message exfil
Reported by: fletchto99 | Disclosed:
Severity: Medium
Weakness: Improper Input Validation
Subdomain takeover on podcasts.slack-core.com
Reported by: michiel | Disclosed:
Severity: Low
Weakness: Cross-site Scripting (XSS) - Generic
Bounty: $100.00
Invitation reminder emails contain insecure links
Reported by: hanno | Disclosed:
Severity: Low
Weakness: Cryptographic Issues - Generic
Bounty: $350.00
Stealing xoxs-tokens using weak postMessage / call-popup redirect to current team domain
Reported by: fransrosen | Disclosed:
Weakness: Violation of Secure Design Principles
Unauthenticated LFI revealing log information
Reported by: juji | Disclosed:
Severity: High
Weakness: Information Disclosure
XSS on link and window.opener
Reported by: pisarenko | Disclosed:
Severity: Medium
Weakness: Cross-site Scripting (XSS) - Reflected
Bounty: $1000.00
Header modification results in disclosure of Slack infra metadata to unauthorized parties
Reported by: showuon | Disclosed:
Severity: Medium
Weakness: Server-Side Request Forgery (SSRF)
The POODLE attack (SSLv3 supported) at status.slack.com
Reported by: cryptographer | Disclosed:
Severity: Medium
Weakness: Cryptographic Issues - Generic
XSS vulnerable parameter in a location hash
Reported by: virtualhunter | Disclosed:
Weakness: Cross-site Scripting (XSS) - Generic
Possibility to freeze/crash the host system of all Slack Desktop users easily
Reported by: freesec | Disclosed:
Severity: Low
Weakness: Violation of Secure Design Principles
Private application files can be uploaded to Slack via malicious uploader
Reported by: shell_c0de | Disclosed:
Severity: Medium
Weakness: Information Disclosure
Bounty: $500.00
Authentication bypass leads to sensitive data exposure (token+secret)
Reported by: secalert | Disclosed:
Weakness: Improper Authentication - Generic
Bounty: $2000.00
Eavesdropping on private Slack calls
Reported by: michiel | Disclosed:
Severity: High
Weakness: Improper Authentication - Generic
Bounty: $1000.00
Workspace configuration metadata disclosure
Reported by: kadusantiago | Disclosed:
Severity: High
Weakness: Information Disclosure
Bypass two-factor authentication
Reported by: kamikaze | Disclosed:
Weakness: Improper Authentication - Generic
Uninstalling Slack for Windows (64-bit), then reinstalling keeps you logged in without authentication
Reported by: pclinger | Disclosed:
Severity: Low
Weakness: Insufficiently Protected Credentials
Bounty: $500.00