Bypass R2 payment screen
Medium
Cloudflare Public Bug Bounty
Team Summary
Official summary from Cloudflare Public Bug Bounty
Cloudflare's object storage product, R2, requires customers to have a valid payment method on file in order to activate the subscription. Due to insufficient access control checks, it was possible to bypass this requirement and enable the R2 subscription without having a valid payment method stored. Cloudflare's engineering team fixed the issue by implementing stricter access control methods around subscription enablement.
Reported by: bun
Report Details
Additional information and metadata
State: Closed
Substate: Resolved
Bounty: $350.00
Submitted
Weakness: Improper Restriction of Authentication Attempts