Disclosure of Co-Rider user (Uber-pooling) profile picture at Amazon AWS Cloudfront within HTTP RESPONSE
Low
U
Uber
Submitted None
Team Summary
Official summary from Uber
After booking a shared ride, an attacker is able to access the profile picture of a co-rider. It is possible during the trip to view the co-rider's picture.
Actions:
Reported by
fawazxq
Report Details
Additional information and metadata
State
Closed
Substate
Resolved
Submitted
Weakness
Information Disclosure