Organization Members in Snap Kit may Deactivate Apps
Low
Snapchat
Submitted None
Team Summary
Official summary from Snapchat
A member of a Snap Kit organization may deactivate an organization's app by performing a POST request to https://kit.snapchat.com/api/portal/graphql, even if they are not authorized to do so. This allows a malicious organization member to deactivate the apps of an organization, even if they are not an admin.
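The missing check described in the summary, as an added example (not Snapchat's code and not part of the original report): a hypothetical resolver for an app-deactivation mutation, shown without and with a server-side role check. The data model, role names and function names are all assumptions.

```javascript
// Added example. All names (memberships, apps, deactivateApp*) are hypothetical,
// not Snap Kit's schema. Sample data below is constructed.
const memberships = new Map([ // "userId:orgId" -> role
  ["alice:org1", "ADMIN"],
  ["bob:org1", "MEMBER"],
  ["carol:org2", "ADMIN"],
]);
const makeApps = () => new Map([["app1", { orgId: "org1", active: true }]]);

// Vulnerable shape: any authenticated caller reaches the state change.
function deactivateAppUnchecked(apps, ctx, { appId }) {
  if (!ctx.userId) throw new Error("UNAUTHENTICATED");
  const app = apps.get(appId);
  if (!app) throw new Error("NOT_FOUND");
  app.active = false;
  return app;
}

// Hardened shape: the role is looked up server-side for the org that owns the
// app, never taken from client input, and checked before any state changes.
function deactivateAppChecked(apps, ctx, { appId }) {
  if (!ctx.userId) throw new Error("UNAUTHENTICATED");
  const app = apps.get(appId);
  // Same error for "missing" and "not yours" so app ids cannot be probed.
  const role = app && memberships.get(`${ctx.userId}:${app.orgId}`);
  if (role !== "ADMIN") throw new Error("FORBIDDEN");
  app.active = false;
  return app;
}

// Runs a resolver against fresh state and reports the outcome.
function attempt(resolver, userId, appId = "app1") {
  const apps = makeApps();
  try {
    resolver(apps, { userId }, { appId });
    return apps.get(appId).active ? "still-active" : "deactivated";
  } catch (e) {
    return e.message;
  }
}

console.log(attempt(deactivateAppUnchecked, "bob")); // deactivated
console.log(attempt(deactivateAppChecked, "bob"));   // FORBIDDEN
console.log(attempt(deactivateAppChecked, "carol")); // FORBIDDEN (admin of another org)
console.log(attempt(deactivateAppChecked, "alice")); // deactivated
```

The cross-organization case (an admin of a different organization) is the one a global "is admin" flag would miss, which is why the lookup is keyed on the organization that owns the app.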
Reported by: mainteemoforfun
Report Details
Additional information and metadata
State: Closed
Substate: Resolved
Submitted:
Weakness: Privilege Escalation