API docs expose an active token for the sample domain theburritobot.com
High
Cloudflare Public Bug Bounty
Team Summary
Official summary from Cloudflare Public Bug Bounty
A screenshot featured on the [API token creation](https://developers.cloudflare.com/api/tokens/create/#generating-the-token) documentation page exposed a valid API token with permissions sufficient to modify DNS records of one of Cloudflare’s demo zones. The token has since been revoked.
Reported by: sainaen
Report Details
Additional information and metadata
State: Closed
Substate: Resolved
Bounty: $500.00
Weakness: Information Disclosure