i don't the important and it's impact . the affected asset: https://github.com/solana-labs/solana/blob/master/.buildkite/env/secrets.ejson
π https://hackerone.com/reports/961175
πΉ Severity: Medium
πΉ Reported To: Solana BBP
πΉ Reported By: #hussein_mersal
πΉ State: π€ Duplicate
πΉ Disclosed: August 18, 2020, 2:47am (UTC)
π https://hackerone.com/reports/961175
πΉ Severity: Medium
πΉ Reported To: Solana BBP
πΉ Reported By: #hussein_mersal
πΉ State: π€ Duplicate
πΉ Disclosed: August 18, 2020, 2:47am (UTC)
Sensitive data leaks [username, password, keys]
π https://hackerone.com/reports/961170
πΉ Severity: Critical
πΉ Reported To: Solana BBP
πΉ Reported By: #anjpan
πΉ State: βͺοΈ Informative
πΉ Disclosed: August 18, 2020, 3:02am (UTC)
π https://hackerone.com/reports/961170
πΉ Severity: Critical
πΉ Reported To: Solana BBP
πΉ Reported By: #anjpan
πΉ State: βͺοΈ Informative
πΉ Disclosed: August 18, 2020, 3:02am (UTC)
Session not invalidated after password reset
π https://hackerone.com/reports/917213
πΉ Severity: Medium
πΉ Reported To: Gener8
πΉ Reported By: #5hu8h4m_n4g4
πΉ State: π’ Resolved
πΉ Disclosed: August 18, 2020, 8:53am (UTC)
π https://hackerone.com/reports/917213
πΉ Severity: Medium
πΉ Reported To: Gener8
πΉ Reported By: #5hu8h4m_n4g4
πΉ State: π’ Resolved
πΉ Disclosed: August 18, 2020, 8:53am (UTC)
pre-auth Stored XSS in comments via javascript: url when administrator edits user supplied comment
π https://hackerone.com/reports/633231
πΉ Severity: High | π° 650 USD
πΉ Reported To: WordPress
πΉ Reported By: #simonscannell
πΉ State: π’ Resolved
πΉ Disclosed: August 18, 2020, 6:01pm (UTC)
π https://hackerone.com/reports/633231
πΉ Severity: High | π° 650 USD
πΉ Reported To: WordPress
πΉ Reported By: #simonscannell
πΉ State: π’ Resolved
πΉ Disclosed: August 18, 2020, 6:01pm (UTC)
Stored XSS in Post Preview as Contributor
π https://hackerone.com/reports/497724
πΉ Severity: Medium | π° 650 USD
πΉ Reported To: WordPress
πΉ Reported By: #simonscannell
πΉ State: π’ Resolved
πΉ Disclosed: August 18, 2020, 6:02pm (UTC)
π https://hackerone.com/reports/497724
πΉ Severity: Medium | π° 650 USD
πΉ Reported To: WordPress
πΉ Reported By: #simonscannell
πΉ State: π’ Resolved
πΉ Disclosed: August 18, 2020, 6:02pm (UTC)
Blind Stored XSS Via Staff Name
π https://hackerone.com/reports/948929
πΉ Severity: High | π° 3,000 USD
πΉ Reported To: Shopify
πΉ Reported By: #rioncool22
πΉ State: π’ Resolved
πΉ Disclosed: August 18, 2020, 7:41pm (UTC)
π https://hackerone.com/reports/948929
πΉ Severity: High | π° 3,000 USD
πΉ Reported To: Shopify
πΉ Reported By: #rioncool22
πΉ State: π’ Resolved
πΉ Disclosed: August 18, 2020, 7:41pm (UTC)
access permission is not revoked even if the email has been deleted or changed on the partner account -partners.shopify-
π https://hackerone.com/reports/870001
πΉ Severity: Medium | π° 1,000 USD
πΉ Reported To: Shopify
πΉ Reported By: #jaka_tingkir
πΉ State: π’ Resolved
πΉ Disclosed: August 18, 2020, 7:44pm (UTC)
π https://hackerone.com/reports/870001
πΉ Severity: Medium | π° 1,000 USD
πΉ Reported To: Shopify
πΉ Reported By: #jaka_tingkir
πΉ State: π’ Resolved
πΉ Disclosed: August 18, 2020, 7:44pm (UTC)
OrderListInitial leaks order details
π https://hackerone.com/reports/882412
πΉ Severity: Medium | π° 1,500 USD
πΉ Reported To: Shopify
πΉ Reported By: #sreeju_kc
πΉ State: π’ Resolved
πΉ Disclosed: August 18, 2020, 7:52pm (UTC)
π https://hackerone.com/reports/882412
πΉ Severity: Medium | π° 1,500 USD
πΉ Reported To: Shopify
πΉ Reported By: #sreeju_kc
πΉ State: π’ Resolved
πΉ Disclosed: August 18, 2020, 7:52pm (UTC)
Get analytics token using only apps permission
π https://hackerone.com/reports/901775
πΉ Severity: Medium | π° 1,000 USD
πΉ Reported To: Shopify
πΉ Reported By: #jmp_35p
πΉ State: π’ Resolved
πΉ Disclosed: August 18, 2020, 9:29pm (UTC)
π https://hackerone.com/reports/901775
πΉ Severity: Medium | π° 1,000 USD
πΉ Reported To: Shopify
πΉ Reported By: #jmp_35p
πΉ State: π’ Resolved
πΉ Disclosed: August 18, 2020, 9:29pm (UTC)
Some store settings/data are accessible to "No Access" permission users on GraphQL LiveView operation
π https://hackerone.com/reports/409973
πΉ Severity: No Rating | π° 500 USD
πΉ Reported To: Shopify
πΉ Reported By: #tolo7010
πΉ State: π’ Resolved
πΉ Disclosed: August 18, 2020, 10:09pm (UTC)
π https://hackerone.com/reports/409973
πΉ Severity: No Rating | π° 500 USD
πΉ Reported To: Shopify
πΉ Reported By: #tolo7010
πΉ State: π’ Resolved
πΉ Disclosed: August 18, 2020, 10:09pm (UTC)
Korea - Reflected XSS on https://www.istarbucks.co.kr/app/getGiftStock.do via "skuNo" and "skuImgUrl" parameters
π https://hackerone.com/reports/768345
πΉ Severity: Medium | π° 250 USD
πΉ Reported To: Starbucks
πΉ Reported By: #rexvuz
πΉ State: π’ Resolved
πΉ Disclosed: August 18, 2020, 10:38pm (UTC)
π https://hackerone.com/reports/768345
πΉ Severity: Medium | π° 250 USD
πΉ Reported To: Starbucks
πΉ Reported By: #rexvuz
πΉ State: π’ Resolved
πΉ Disclosed: August 18, 2020, 10:38pm (UTC)
Password reset link not expired at Stocky App
π https://hackerone.com/reports/898841
πΉ Severity: No Rating | π° 500 USD
πΉ Reported To: Shopify
πΉ Reported By: #ayyoub
πΉ State: π’ Resolved
πΉ Disclosed: August 18, 2020, 10:53pm (UTC)
π https://hackerone.com/reports/898841
πΉ Severity: No Rating | π° 500 USD
πΉ Reported To: Shopify
πΉ Reported By: #ayyoub
πΉ State: π’ Resolved
πΉ Disclosed: August 18, 2020, 10:53pm (UTC)
I.D.O.R TO EDIT ALL USER'S CREDIT CARD INFORMATION+(Partial credit card info disclosure)
π https://hackerone.com/reports/361984
πΉ Severity: Medium | π° 500 USD
πΉ Reported To: Yelp
πΉ Reported By: #hk755a
πΉ State: π’ Resolved
πΉ Disclosed: August 19, 2020, 12:59am (UTC)
π https://hackerone.com/reports/361984
πΉ Severity: Medium | π° 500 USD
πΉ Reported To: Yelp
πΉ Reported By: #hk755a
πΉ State: π’ Resolved
πΉ Disclosed: August 19, 2020, 12:59am (UTC)
I.D.O.R To Order,Book,Buy,reserve On YELP FOR FREE (UNAUTHORIZED USE OF OTHER USER'S CREDIT CARD)
π https://hackerone.com/reports/391092
πΉ Severity: Critical | π° 2,500 USD
πΉ Reported To: Yelp
πΉ Reported By: #hk755a
πΉ State: π’ Resolved
πΉ Disclosed: August 19, 2020, 1:11am (UTC)
π https://hackerone.com/reports/391092
πΉ Severity: Critical | π° 2,500 USD
πΉ Reported To: Yelp
πΉ Reported By: #hk755a
πΉ State: π’ Resolved
πΉ Disclosed: August 19, 2020, 1:11am (UTC)
CRITICAL Insecure Direct Object Reference (I.D.O.R) - Link Other User's Credit Card
π https://hackerone.com/reports/358143
πΉ Severity: High | π° 2,000 USD
πΉ Reported To: Yelp
πΉ Reported By: #hk755a
πΉ State: π’ Resolved
πΉ Disclosed: August 19, 2020, 1:26am (UTC)
π https://hackerone.com/reports/358143
πΉ Severity: High | π° 2,000 USD
πΉ Reported To: Yelp
πΉ Reported By: #hk755a
πΉ State: π’ Resolved
πΉ Disclosed: August 19, 2020, 1:26am (UTC)
Buffer overflow In hl.exe's launch -game argument allows an attacker to execute arbitrary code locally or from browser
π https://hackerone.com/reports/832750
πΉ Severity: High | π° 1,150 USD
πΉ Reported To: Valve
πΉ Reported By: #irukandjisecresearch
πΉ State: π’ Resolved
πΉ Disclosed: August 19, 2020, 3:20am (UTC)
π https://hackerone.com/reports/832750
πΉ Severity: High | π° 1,150 USD
πΉ Reported To: Valve
πΉ Reported By: #irukandjisecresearch
πΉ State: π’ Resolved
πΉ Disclosed: August 19, 2020, 3:20am (UTC)
[GoldSrc] RCE via malformed BSP file
π https://hackerone.com/reports/763403
πΉ Severity: High | π° 450 USD
πΉ Reported To: Valve
πΉ Reported By: #gamer7112
πΉ State: π’ Resolved
πΉ Disclosed: August 19, 2020, 3:29am (UTC)
π https://hackerone.com/reports/763403
πΉ Severity: High | π° 450 USD
πΉ Reported To: Valve
πΉ Reported By: #gamer7112
πΉ State: π’ Resolved
πΉ Disclosed: August 19, 2020, 3:29am (UTC)
[GoldSrc] RCE via 'spk' Console Command
π https://hackerone.com/reports/769014
πΉ Severity: High | π° 350 USD
πΉ Reported To: Valve
πΉ Reported By: #gamer7112
πΉ State: π’ Resolved
πΉ Disclosed: August 19, 2020, 4:37am (UTC)
π https://hackerone.com/reports/769014
πΉ Severity: High | π° 350 USD
πΉ Reported To: Valve
πΉ Reported By: #gamer7112
πΉ State: π’ Resolved
πΉ Disclosed: August 19, 2020, 4:37am (UTC)
Denial of Service when entring an Array in email at seetings
π https://hackerone.com/reports/961997
πΉ Severity: Medium
πΉ Reported To: Nextcloud
πΉ Reported By: #ja3far
πΉ State: βͺοΈ Informative
πΉ Disclosed: August 19, 2020, 11:02am (UTC)
π https://hackerone.com/reports/961997
πΉ Severity: Medium
πΉ Reported To: Nextcloud
πΉ Reported By: #ja3far
πΉ State: βͺοΈ Informative
πΉ Disclosed: August 19, 2020, 11:02am (UTC)
Missing SPF Records
π https://hackerone.com/reports/652447
πΉ Severity: Medium
πΉ Reported To: Avito
πΉ Reported By: #harshita174
πΉ State: π’ Resolved
πΉ Disclosed: August 19, 2020, 1:15pm (UTC)
π https://hackerone.com/reports/652447
πΉ Severity: Medium
πΉ Reported To: Avito
πΉ Reported By: #harshita174
πΉ State: π’ Resolved
πΉ Disclosed: August 19, 2020, 1:15pm (UTC)
IDOR at [https://dropcontact.firstpromote] which allows an UNAUTHORIZED user to ACCESS and EDIT Paypal GMAIL by Changing the ID.
π https://hackerone.com/reports/959697
πΉ Severity: High
πΉ Reported To: Dropcontact
πΉ Reported By: #try___for_impossible
πΉ State: π’ Resolved
πΉ Disclosed: August 18, 2020, 10:13am (UTC)
π https://hackerone.com/reports/959697
πΉ Severity: High
πΉ Reported To: Dropcontact
πΉ Reported By: #try___for_impossible
πΉ State: π’ Resolved
πΉ Disclosed: August 18, 2020, 10:13am (UTC)