reportsDB.json

[
  {
    "__typename": "CompleteHacktivityReportDocument",
    "id": "Z2lkOi8vaGFja2Vyb25lL0NvbXBsZXRlSGFja3Rpdml0eVJlcG9ydEluZGV4LzIzNTMxMzE=",
    "_id": "2353131",
    "reporter": {
      "id": "Z2lkOi8vaGFja2Vyb25lL1VzZXIvMjQxNjU5Mw==",
      "name": "william",
      "username": "chor4o",
      "__typename": "User"
    },
    "cve_ids": [],
    "cwe": "Cross-site Scripting (XSS) - Reflected",
    "severity_rating": "Medium",
    "upvoted": null,
    "public": true,
    "report": {
      "id": "Z2lkOi8vaGFja2Vyb25lL1JlcG9ydC8yMzUzMTMx",
      "databaseId": "2353131",
      "title": "Xss  Parameter: /<s>/[*]/<s>.css ████████",
      "substate": "resolved",
      "url": "https://hackerone.com/reports/2353131",
      "disclosed_at": "2024-03-22T17:44:22.194Z",
      "report_generated_content": {
        "id": "Z2lkOi8vaGFja2Vyb25lL1JlcG9ydEdlbmVyYXRlZENvbnRlbnQvNzI1Ng==",
        "hacktivity_summary": "The request included a cross-site scripting (XSS) vulnerability in the parameter /\\u003cs\\u003e/[*]/\\u003cs\\u003e.css. The vulnerability was triggered by including malicious code in the request, which could have been executed when the request was processed.",
        "__typename": "ReportGeneratedContent"
      },
      "__typename": "Report"
    },
    "votes": 30,
    "team": {
      "handle": "deptofdefense",
      "name": "U.S. Dept Of Defense",
      "medium_profile_picture": "https://profile-photos.hackerone-user-content.com/variants/000/016/064/46cd0286b1fa224aaa2cb9dfaaca9fa22b5b80b2_original.png/5136ed9b2fa7c4d4abbf39fb971047c62d98ec4740a88eb55d7e26373250a937",
      "url": "https://hackerone.com/deptofdefense",
      "id": "Z2lkOi8vaGFja2Vyb25lL0VuZ2FnZW1lbnRzOjpWdWxuZXJhYmlsaXR5RGlzY2xvc3VyZVByb2dyYW0vMTYwNjQ=",
      "currency": "usd",
      "__typename": "Team"
    },
    "total_awarded_amount": null,
    "latest_disclosable_action": "Activities::ReportBecamePublic",
    "latest_disclosable_activity_at": "2024-03-22T17:44:22.299Z",
    "submitted_at": "2024-02-02T20:13:20.771Z",
    "disclosed": true,
    "has_collaboration": false
  },
  {
    "__typename": "CompleteHacktivityReportDocument",
    "id": "Z2lkOi8vaGFja2Vyb25lL0NvbXBsZXRlSGFja3Rpdml0eVJlcG9ydEluZGV4LzIzNTQxMzY=",
    "_id": "2354136",
    "reporter": {
      "id": "Z2lkOi8vaGFja2Vyb25lL1VzZXIvMjI5OTU0MA==",
      "name": "Dishant ",
      "username": "dishant_singh",
      "__typename": "User"
    },
    "cve_ids": [],
    "cwe": "Improper Authentication - Generic",
    "severity_rating": "Critical",
    "upvoted": null,
    "public": true,
    "report": {
      "id": "Z2lkOi8vaGFja2Vyb25lL1JlcG9ydC8yMzU0MTM2",
      "databaseId": "2354136",
      "title": "Attacker can Add itself as admin user and can also change privileges of Existing Users [█████████]",
      "substate": "resolved",
      "url": "https://hackerone.com/reports/2354136",
      "disclosed_at": "2024-03-22T17:43:14.390Z",
      "report_generated_content": {
        "id": "Z2lkOi8vaGFja2Vyb25lL1JlcG9ydEdlbmVyYXRlZENvbnRlbnQvNzI1NQ==",
        "hacktivity_summary": "The website had a directory that lacked authentication, allowing an attacker to add a new admin user and change the privileges of existing users without any authentication.",
        "__typename": "ReportGeneratedContent"
      },
      "__typename": "Report"
    },
    "votes": 38,
    "team": {
      "handle": "deptofdefense",
      "name": "U.S. Dept Of Defense",
      "medium_profile_picture": "https://profile-photos.hackerone-user-content.com/variants/000/016/064/46cd0286b1fa224aaa2cb9dfaaca9fa22b5b80b2_original.png/5136ed9b2fa7c4d4abbf39fb971047c62d98ec4740a88eb55d7e26373250a937",
      "url": "https://hackerone.com/deptofdefense",
      "id": "Z2lkOi8vaGFja2Vyb25lL0VuZ2FnZW1lbnRzOjpWdWxuZXJhYmlsaXR5RGlzY2xvc3VyZVByb2dyYW0vMTYwNjQ=",
      "currency": "usd",
      "__typename": "Team"
    },
    "total_awarded_amount": null,
    "latest_disclosable_action": "Activities::ReportBecamePublic",
    "latest_disclosable_activity_at": "2024-03-22T17:43:14.474Z",
    "submitted_at": "2024-02-04T10:04:12.901Z",
    "disclosed": true,
    "has_collaboration": false
  },
  {
    "__typename": "CompleteHacktivityReportDocument",
    "id": "Z2lkOi8vaGFja2Vyb25lL0NvbXBsZXRlSGFja3Rpdml0eVJlcG9ydEluZGV4LzIzNTYxMDQ=",
    "_id": "2356104",
    "reporter": {
      "id": "Z2lkOi8vaGFja2Vyb25lL1VzZXIvMjQxNjU5Mw==",
      "name": "william",
      "username": "chor4o",
      "__typename": "User"
    },
    "cve_ids": [],
    "cwe": "Cross-site Scripting (XSS) - Reflected",
    "severity_rating": "Medium",
    "upvoted": null,
    "public": true,
    "report": {
      "id": "Z2lkOi8vaGFja2Vyb25lL1JlcG9ydC8yMzU2MTA0",
      "databaseId": "2356104",
      "title": "Parâmetro XSS: Nome de usuário - █████████",
      "substate": "resolved",
      "url": "https://hackerone.com/reports/2356104",
      "disclosed_at": "2024-03-22T17:40:22.789Z",
      "report_generated_content": {
        "id": "Z2lkOi8vaGFja2Vyb25lL1JlcG9ydEdlbmVyYXRlZENvbnRlbnQvNzI1NA==",
        "hacktivity_summary": "The report describes a cross-site scripting (XSS) vulnerability in the username parameter of an application. The vulnerability was demonstrated using Burp Suite, where the attacker was able to inject malicious JavaScript code into the username field. No further details were provided about the affected product or the potential impact of the vulnerability.",
        "__typename": "ReportGeneratedContent"
      },
      "__typename": "Report"
    },
    "votes": 15,
    "team": {
      "handle": "deptofdefense",
      "name": "U.S. Dept Of Defense",
      "medium_profile_picture": "https://profile-photos.hackerone-user-content.com/variants/000/016/064/46cd0286b1fa224aaa2cb9dfaaca9fa22b5b80b2_original.png/5136ed9b2fa7c4d4abbf39fb971047c62d98ec4740a88eb55d7e26373250a937",
      "url": "https://hackerone.com/deptofdefense",
      "id": "Z2lkOi8vaGFja2Vyb25lL0VuZ2FnZW1lbnRzOjpWdWxuZXJhYmlsaXR5RGlzY2xvc3VyZVByb2dyYW0vMTYwNjQ=",
      "currency": "usd",
      "__typename": "Team"
    },
    "total_awarded_amount": null,
    "latest_disclosable_action": "Activities::ReportBecamePublic",
    "latest_disclosable_activity_at": "2024-03-22T17:40:22.908Z",
    "submitted_at": "2024-02-05T19:57:47.786Z",
    "disclosed": true,
    "has_collaboration": false
  },
  {
    "__typename": "CompleteHacktivityReportDocument",
    "id": "Z2lkOi8vaGFja2Vyb25lL0NvbXBsZXRlSGFja3Rpdml0eVJlcG9ydEluZGV4LzIyOTc1NjE=",
    "_id": "2297561",
    "reporter": {
      "id": "Z2lkOi8vaGFja2Vyb25lL1VzZXIvMjc2NjEwNA==",
      "name": "Gee Toca",
      "username": "geej",
      "__typename": "User"
    },
    "cve_ids": [],
    "cwe": "Resource Injection",
    "severity_rating": "Medium",
    "upvoted": null,
    "public": true,
    "report": {
      "id": "Z2lkOi8vaGFja2Vyb25lL1JlcG9ydC8yMjk3NTYx",
      "databaseId": "2297561",
      "title": "Resource Injection - [████████]",
      "substate": "resolved",
      "url": "https://hackerone.com/reports/2297561",
      "disclosed_at": "2024-03-22T17:38:24.212Z",
      "report_generated_content": {
        "id": "Z2lkOi8vaGFja2Vyb25lL1JlcG9ydEdlbmVyYXRlZENvbnRlbnQvNzI1Mw==",
        "hacktivity_summary": "The Swagger UI prior to version 4.1.3 was vulnerable to spoofing attacks. By crafting a URL with a malicious payload, an attacker could have displayed remote OpenAPI definitions on the affected host.",
        "__typename": "ReportGeneratedContent"
      },
      "__typename": "Report"
    },
    "votes": 16,
    "team": {
      "handle": "deptofdefense",
      "name": "U.S. Dept Of Defense",
      "medium_profile_picture": "https://profile-photos.hackerone-user-content.com/variants/000/016/064/46cd0286b1fa224aaa2cb9dfaaca9fa22b5b80b2_original.png/5136ed9b2fa7c4d4abbf39fb971047c62d98ec4740a88eb55d7e26373250a937",
      "url": "https://hackerone.com/deptofdefense",
      "id": "Z2lkOi8vaGFja2Vyb25lL0VuZ2FnZW1lbnRzOjpWdWxuZXJhYmlsaXR5RGlzY2xvc3VyZVByb2dyYW0vMTYwNjQ=",
      "currency": "usd",
      "__typename": "Team"
    },
    "total_awarded_amount": null,
    "latest_disclosable_action": "Activities::ReportBecamePublic",
    "latest_disclosable_activity_at": "2024-03-22T17:38:24.310Z",
    "submitted_at": "2023-12-27T01:42:48.740Z",
    "disclosed": true,
    "has_collaboration": false
  },
  {
    "__typename": "CompleteHacktivityReportDocument",
    "id": "Z2lkOi8vaGFja2Vyb25lL0NvbXBsZXRlSGFja3Rpdml0eVJlcG9ydEluZGV4LzIzMTI2MDk=",
    "_id": "2312609",
    "reporter": {
      "id": "Z2lkOi8vaGFja2Vyb25lL1VzZXIvMzAxODY4MQ==",
      "name": "eleven",
      "username": "elevenoo1",
      "__typename": "User"
    },
    "cve_ids": [],
    "cwe": "Information Disclosure",
    "severity_rating": "Critical",
    "upvoted": null,
    "public": true,
    "report": {
      "id": "Z2lkOi8vaGFja2Vyb25lL1JlcG9ydC8yMzEyNjA5",
      "databaseId": "2312609",
      "title": "Full Access to sonarQube and Docker",
      "substate": "resolved",
      "url": "https://hackerone.com/reports/2312609",
      "disclosed_at": "2024-03-22T17:35:47.152Z",
      "report_generated_content": {
        "id": "Z2lkOi8vaGFja2Vyb25lL1JlcG9ydEdlbmVyYXRlZENvbnRlbnQvNzI1Mg==",
        "hacktivity_summary": "The vulnerability involved the exposure of sensitive credentials and IP addresses in a JavaScript file. The researcher gained access to the organization's Hub Docker account and Sonar projects, allowing them to identify and assess the issue. The vulnerability was caused by a JavaScript file within the application that contained hard-coded sensitive credentials, such as usernames and passwords, as well as IP addresses associated with the infrastructure.",
        "__typename": "ReportGeneratedContent"
      },
      "__typename": "Report"
    },
    "votes": 15,
    "team": {
      "handle": "deptofdefense",
      "name": "U.S. Dept Of Defense",
      "medium_profile_picture": "https://profile-photos.hackerone-user-content.com/variants/000/016/064/46cd0286b1fa224aaa2cb9dfaaca9fa22b5b80b2_original.png/5136ed9b2fa7c4d4abbf39fb971047c62d98ec4740a88eb55d7e26373250a937",
      "url": "https://hackerone.com/deptofdefense",
      "id": "Z2lkOi8vaGFja2Vyb25lL0VuZ2FnZW1lbnRzOjpWdWxuZXJhYmlsaXR5RGlzY2xvc3VyZVByb2dyYW0vMTYwNjQ=",
      "currency": "usd",
      "__typename": "Team"
    },
    "total_awarded_amount": null,
    "latest_disclosable_action": "Activities::ReportBecamePublic",
    "latest_disclosable_activity_at": "2024-03-22T17:35:47.272Z",
    "submitted_at": "2024-01-11T20:35:34.304Z",
    "disclosed": true,
    "has_collaboration": false
  },
  {
    "__typename": "CompleteHacktivityReportDocument",
    "id": "Z2lkOi8vaGFja2Vyb25lL0NvbXBsZXRlSGFja3Rpdml0eVJlcG9ydEluZGV4LzE3OTQ3NTc=",
    "_id": "1794757",
    "reporter": {
      "id": "Z2lkOi8vaGFja2Vyb25lL1VzZXIvMzc4MDk3",
      "name": "⋆͓̽𝗔ɳօɳყ𝗠iss✨",
      "username": "anonymlss",
      "__typename": "User"
    },
    "cve_ids": [
      "CVE-2017-0255"
    ],
    "cwe": "Cross-site Scripting (XSS) - Reflected",
    "severity_rating": "Medium",
    "upvoted": null,
    "public": true,
    "report": {
      "id": "Z2lkOi8vaGFja2Vyb25lL1JlcG9ydC8xNzk0NzU3",
      "databaseId": "1794757",
      "title": "Reflective Cross Site Scripting (XSS) on ███████/Pages",
      "substate": "resolved",
      "url": "https://hackerone.com/reports/1794757",
      "disclosed_at": "2024-03-22T17:32:41.589Z",
      "report_generated_content": {
        "id": "Z2lkOi8vaGFja2Vyb25lL1JlcG9ydEdlbmVyYXRlZENvbnRlbnQvNzI1MQ==",
        "hacktivity_summary": "Summary:\n\nA reflection cross-site scripting (XSS) vulnerability was discovered in Microsoft SharePoint Server. The vulnerability was caused by improper sanitization of a web request to an affected SharePoint server. The vulnerability could have been exploited by an authenticated attacker to execute arbitrary JavaScript in the victim's browser.",
        "__typename": "ReportGeneratedContent"
      },
      "__typename": "Report"
    },
    "votes": 7,
    "team": {
      "handle": "deptofdefense",
      "name": "U.S. Dept Of Defense",
      "medium_profile_picture": "https://profile-photos.hackerone-user-content.com/variants/000/016/064/46cd0286b1fa224aaa2cb9dfaaca9fa22b5b80b2_original.png/5136ed9b2fa7c4d4abbf39fb971047c62d98ec4740a88eb55d7e26373250a937",
      "url": "https://hackerone.com/deptofdefense",
      "id": "Z2lkOi8vaGFja2Vyb25lL0VuZ2FnZW1lbnRzOjpWdWxuZXJhYmlsaXR5RGlzY2xvc3VyZVByb2dyYW0vMTYwNjQ=",
      "currency": "usd",
      "__typename": "Team"
    },
    "total_awarded_amount": null,
    "latest_disclosable_action": "Activities::ReportBecamePublic",
    "latest_disclosable_activity_at": "2024-03-22T17:32:41.730Z",
    "submitted_at": "2022-12-06T10:49:50.780Z",
    "disclosed": true,
    "has_collaboration": false
  },
  {
    "__typename": "CompleteHacktivityReportDocument",
    "id": "Z2lkOi8vaGFja2Vyb25lL0NvbXBsZXRlSGFja3Rpdml0eVJlcG9ydEluZGV4LzIzNzA1Nzg=",
    "_id": "2370578",
    "reporter": {
      "id": "Z2lkOi8vaGFja2Vyb25lL1VzZXIvMjI5OTU0MA==",
      "name": "Dishant ",
      "username": "dishant_singh",
      "__typename": "User"
    },
    "cve_ids": [],
    "cwe": "Insecure Storage of Sensitive Information",
    "severity_rating": "High",
    "upvoted": null,
    "public": true,
    "report": {
      "id": "Z2lkOi8vaGFja2Vyb25lL1JlcG9ydC8yMzcwNTc4",
      "databaseId": "2370578",
      "title": "DBMS information getting exposed publicly on -- [ ██████████ ]",
      "substate": "resolved",
      "url": "https://hackerone.com/reports/2370578",
      "disclosed_at": "2024-03-22T17:31:51.980Z",
      "report_generated_content": {
        "id": "Z2lkOi8vaGFja2Vyb25lL1JlcG9ydEdlbmVyYXRlZENvbnRlbnQvNzI1MA==",
        "hacktivity_summary": "A public file was found that exposed sensitive data from the website's database, including hashed user information and other configuration details. The file contained SQL statements that could be used to access the database, potentially revealing confidential data.",
        "__typename": "ReportGeneratedContent"
      },
      "__typename": "Report"
    },
    "votes": 10,
    "team": {
      "handle": "deptofdefense",
      "name": "U.S. Dept Of Defense",
      "medium_profile_picture": "https://profile-photos.hackerone-user-content.com/variants/000/016/064/46cd0286b1fa224aaa2cb9dfaaca9fa22b5b80b2_original.png/5136ed9b2fa7c4d4abbf39fb971047c62d98ec4740a88eb55d7e26373250a937",
      "url": "https://hackerone.com/deptofdefense",
      "id": "Z2lkOi8vaGFja2Vyb25lL0VuZ2FnZW1lbnRzOjpWdWxuZXJhYmlsaXR5RGlzY2xvc3VyZVByb2dyYW0vMTYwNjQ=",
      "currency": "usd",
      "__typename": "Team"
    },
    "total_awarded_amount": null,
    "latest_disclosable_action": "Activities::ReportBecamePublic",
    "latest_disclosable_activity_at": "2024-03-22T17:31:52.080Z",
    "submitted_at": "2024-02-11T18:03:43.282Z",
    "disclosed": true,
    "has_collaboration": false
  },
  {
    "__typename": "CompleteHacktivityReportDocument",
    "id": "Z2lkOi8vaGFja2Vyb25lL0NvbXBsZXRlSGFja3Rpdml0eVJlcG9ydEluZGV4LzIzMzc0Mjc=",
    "_id": "2337427",
    "reporter": {
      "id": "Z2lkOi8vaGFja2Vyb25lL1VzZXIvNjU2MDAz",
      "name": "kolokokop",
      "username": "kolokokop",
      "__typename": "User"
    },
    "cve_ids": [],
    "cwe": "Improper Access Control - Generic",
    "severity_rating": "High",
    "upvoted": null,
    "public": true,
    "report": {
      "id": "Z2lkOi8vaGFja2Vyb25lL1JlcG9ydC8yMzM3NDI3",
      "databaseId": "2337427",
      "title": "Authentication Bypass with usage of PreSignedURL",
      "substate": "resolved",
      "url": "https://hackerone.com/reports/2337427",
      "disclosed_at": "2024-03-22T17:06:13.638Z",
      "report_generated_content": {
        "id": "Z2lkOi8vaGFja2Vyb25lL1JlcG9ydEdlbmVyYXRlZENvbnRlbnQvNzI0OQ==",
        "hacktivity_summary": "The ownCloud Infinite Scale (oCIS) was identified to be vulnerable to an authentication bypass vulnerability due to an issue with the default-enabled PreSignedURL feature. The vulnerability allowed access to any file without authentication, given the prior knowledge of the username and filename. The issue was caused by the incorrect expiry date check in the `OC-Date` and `OC-Expires` variables, where a null error was returned upon expired dates, resulting in successful authentication of requests without checking the user's signing signature/key.",
        "__typename": "ReportGeneratedContent"
      },
      "__typename": "Report"
    },
    "votes": 23,
    "team": {
      "handle": "owncloud",
      "name": "ownCloud",
      "medium_profile_picture": "https://profile-photos.hackerone-user-content.com/variants/000/003/059/d31dc64427bbbf2e428a0b0b97bce59b98d2ba0d_original.png/5136ed9b2fa7c4d4abbf39fb971047c62d98ec4740a88eb55d7e26373250a937",
      "url": "https://hackerone.com/owncloud",
      "id": "Z2lkOi8vaGFja2Vyb25lL0VuZ2FnZW1lbnRzOjpCdWdCb3VudHlQcm9ncmFtLzMwNTk=",
      "currency": "usd",
      "__typename": "Team"
    },
    "total_awarded_amount": 2000,
    "latest_disclosable_action": "Activities::ReportBecamePublic",
    "latest_disclosable_activity_at": "2024-03-22T17:06:14.479Z",
    "submitted_at": "2024-01-27T19:50:47.574Z",
    "disclosed": true,
    "has_collaboration": false
  },
  {
    "__typename": "CompleteHacktivityReportDocument",
    "id": "Z2lkOi8vaGFja2Vyb25lL0NvbXBsZXRlSGFja3Rpdml0eVJlcG9ydEluZGV4LzIzMzE0NzM=",
    "_id": "2331473",
    "reporter": {
      "id": "Z2lkOi8vaGFja2Vyb25lL1VzZXIvMTA0MDY1MA==",
      "name": "",
      "username": "pentestor",
      "__typename": "User"
    },
    "cve_ids": [],
    "cwe": "Open Redirect",
    "severity_rating": "Low",
    "upvoted": null,
    "public": true,
    "report": {
      "id": "Z2lkOi8vaGFja2Vyb25lL1JlcG9ydC8yMzMxNDcz",
      "databaseId": "2331473",
      "title": "Open Redirect via Non-Latin Subdomain in vcc-*.8x8.com/AGUI/█.php",
      "substate": "resolved",
      "url": "https://hackerone.com/reports/2331473",
      "disclosed_at": "2024-03-20T15:38:46.783Z",
      "report_generated_content": {
        "id": "Z2lkOi8vaGFja2Vyb25lL1JlcG9ydEdlbmVyYXRlZENvbnRlbnQvNzI0OA==",
        "hacktivity_summary": "The report described an Open Redirect vulnerability in the vcc-*.8x8.com/AGUI/█.php endpoint, where a filter that prevented the use of [1-9] and [a-z] characters in the `subdomain` parameter could be bypassed by utilizing a non-Latin domain. The vulnerability was demonstrated by redirecting to the `नमस्ते.भारत` domain.",
        "__typename": "ReportGeneratedContent"
      },
      "__typename": "Report"
    },
    "votes": 36,
    "team": {
      "handle": "8x8-bounty",
      "name": "8x8 Bounty",
      "medium_profile_picture": "https://profile-photos.hackerone-user-content.com/variants/16aYGnF7ASJBgKtGCuibiuVT/5136ed9b2fa7c4d4abbf39fb971047c62d98ec4740a88eb55d7e26373250a937",
      "url": "https://hackerone.com/8x8-bounty",
      "id": "Z2lkOi8vaGFja2Vyb25lL0VuZ2FnZW1lbnRzOjpCdWdCb3VudHlQcm9ncmFtLzQ5NzMy",
      "currency": "usd",
      "__typename": "Team"
    },
    "total_awarded_amount": 100,
    "latest_disclosable_action": "Activities::ReportBecamePublic",
    "latest_disclosable_activity_at": "2024-03-20T15:38:47.128Z",
    "submitted_at": "2024-01-23T13:55:08.649Z",
    "disclosed": true,
    "has_collaboration": false
  },
  {
    "__typename": "CompleteHacktivityReportDocument",
    "id": "Z2lkOi8vaGFja2Vyb25lL0NvbXBsZXRlSGFja3Rpdml0eVJlcG9ydEluZGV4LzIwMzMwMDU=",
    "_id": "2033005",
    "reporter": {
      "id": "Z2lkOi8vaGFja2Vyb25lL1VzZXIvMjQ0OTQ5OQ==",
      "name": "Fares W Muhammed",
      "username": "bugsv2",
      "__typename": "User"
    },
    "cve_ids": [],
    "cwe": "Business Logic Errors",
    "severity_rating": "Medium",
    "upvoted": null,
    "public": true,
    "report": {
      "id": "Z2lkOi8vaGFja2Vyb25lL1JlcG9ydC8yMDMzMDA1",
      "databaseId": "2033005",
      "title": "Bypassing the block of Security Domain Restriction and normally invite blocked domains with special characters “İ”",
      "substate": "resolved",
      "url": "https://hackerone.com/reports/2033005",
      "disclosed_at": "2024-03-20T13:13:35.928Z",
      "report_generated_content": {
        "id": "Z2lkOi8vaGFja2Vyb25lL1JlcG9ydEdlbmVyYXRlZENvbnRlbnQvNzI0Ng==",
        "hacktivity_summary": "The vulnerability allows users to bypass the security domain restriction and invite blocked domains by using special characters such as \"İ\" instead of \"I\" or \"i\". The vulnerability was reported and could potentially have been abused to violate the owner's rules and invite blocked domains to the project.",
        "__typename": "ReportGeneratedContent"
      },
      "__typename": "Report"
    },
    "votes": 37,
    "team": {
      "handle": "frontegg",
      "name": "Frontegg",
      "medium_profile_picture": "https://profile-photos.hackerone-user-content.com/variants/03bevawp68pp38m1zvkqtpdpsf6j/5136ed9b2fa7c4d4abbf39fb971047c62d98ec4740a88eb55d7e26373250a937",
      "url": "https://hackerone.com/frontegg",
      "id": "Z2lkOi8vaGFja2Vyb25lL0VuZ2FnZW1lbnRzOjpCdWdCb3VudHlQcm9ncmFtLzU4ODIw",
      "currency": "usd",
      "__typename": "Team"
    },
    "total_awarded_amount": null,
    "latest_disclosable_action": "Activities::ReportBecamePublic",
    "latest_disclosable_activity_at": "2024-03-20T13:13:36.745Z",
    "submitted_at": "2023-06-21T08:19:03.984Z",
    "disclosed": true,
    "has_collaboration": false
  },
  {
    "__typename": "CompleteHacktivityReportDocument",
    "id": "Z2lkOi8vaGFja2Vyb25lL0NvbXBsZXRlSGFja3Rpdml0eVJlcG9ydEluZGV4LzIxNDkxMjQ=",
    "_id": "2149124",
    "reporter": {
      "id": "Z2lkOi8vaGFja2Vyb25lL1VzZXIvMjQ0OTQ5OQ==",
      "name": "Fares W Muhammed",
      "username": "bugsv2",
      "__typename": "User"
    },
    "cve_ids": [],
    "cwe": "Improper Access Control - Generic",
    "severity_rating": "Low",
    "upvoted": null,
    "public": true,
    "report": {
      "id": "Z2lkOi8vaGFja2Vyb25lL1JlcG9ydC8yMTQ5MTI0",
      "databaseId": "2149124",
      "title": "PATCH method manipulation allowing the users to escalate their functionalities and edit (upgrade/downgrade) API Keys settings which is not allowed",
      "substate": "resolved",
      "url": "https://hackerone.com/reports/2149124",
      "disclosed_at": "2024-03-20T13:13:36.011Z",
      "report_generated_content": {
        "id": "Z2lkOi8vaGFja2Vyb25lL1JlcG9ydEdlbmVyYXRlZENvbnRlbnQvNzI0Nw==",
        "hacktivity_summary": "A vulnerability was discovered that allowed users to use the PATCH method to edit API key information, such as the description, createdAt, and roleIds, which was not intended to be allowed. The vulnerability was caused by a misconfiguration that permitted the PATCH method on the API key endpoint, enabling users to escalate their functionalities and modify API key settings beyond their intended permissions.",
        "__typename": "ReportGeneratedContent"
      },
      "__typename": "Report"
    },
    "votes": 28,
    "team": {
      "handle": "frontegg",
      "name": "Frontegg",
      "medium_profile_picture": "https://profile-photos.hackerone-user-content.com/variants/03bevawp68pp38m1zvkqtpdpsf6j/5136ed9b2fa7c4d4abbf39fb971047c62d98ec4740a88eb55d7e26373250a937",
      "url": "https://hackerone.com/frontegg",
      "id": "Z2lkOi8vaGFja2Vyb25lL0VuZ2FnZW1lbnRzOjpCdWdCb3VudHlQcm9ncmFtLzU4ODIw",
      "currency": "usd",
      "__typename": "Team"
    },
    "total_awarded_amount": null,
    "latest_disclosable_action": "Activities::ReportBecamePublic",
    "latest_disclosable_activity_at": "2024-03-20T13:13:36.675Z",
    "submitted_at": "2023-09-15T05:35:17.570Z",
    "disclosed": true,
    "has_collaboration": false
  },
  {
    "__typename": "CompleteHacktivityReportDocument",
    "id": "Z2lkOi8vaGFja2Vyb25lL0NvbXBsZXRlSGFja3Rpdml0eVJlcG9ydEluZGV4LzI0MTkyMjc=",
    "_id": "2419227",
    "reporter": {
      "id": "Z2lkOi8vaGFja2Vyb25lL1VzZXIvMTQ4MDM1NQ==",
      "name": "Aviv Keller",
      "username": "redyetihacks",
      "__typename": "User"
    },
    "cve_ids": [
      "CVE-2024-28866"
    ],
    "cwe": "Cross-site Scripting (XSS) - Reflected",
    "severity_rating": "Low",
    "upvoted": null,
    "public": true,
    "report": {
      "id": "Z2lkOi8vaGFja2Vyb25lL1JlcG9ydC8yNDE5MjI3",
      "databaseId": "2419227",
      "title": "XSS in new.loading.page.html",
      "substate": "resolved",
      "url": "https://hackerone.com/reports/2419227",
      "disclosed_at": "2024-03-17T14:06:19.848Z",
      "report_generated_content": {
        "id": "Z2lkOi8vaGFja2Vyb25lL1JlcG9ydEdlbmVyYXRlZENvbnRlbnQvNzI0MQ==",
        "hacktivity_summary": "A cross-site scripting vulnerability was found in new.loading.page.html due to inadequate handling of query parameters. This allowed attackers to insert javascript URIs as redirectors, leading to unauthorized script execution.",
        "__typename": "ReportGeneratedContent"
      },
      "__typename": "Report"
    },
    "votes": 53,
    "team": {
      "handle": "gocd",
      "name": "GoCD",
      "medium_profile_picture": "https://profile-photos.hackerone-user-content.com/variants/000/013/559/870f3bcab332d087cde7b75fe2922e93615e3f78_original./5136ed9b2fa7c4d4abbf39fb971047c62d98ec4740a88eb55d7e26373250a937",
      "url": "https://hackerone.com/gocd",
      "id": "Z2lkOi8vaGFja2Vyb25lL0VuZ2FnZW1lbnRzOjpWdWxuZXJhYmlsaXR5RGlzY2xvc3VyZVByb2dyYW0vMTM1NTk=",
      "currency": "usd",
      "__typename": "Team"
    },
    "total_awarded_amount": null,
    "latest_disclosable_action": "Activities::ReportBecamePublic",
    "latest_disclosable_activity_at": "2024-03-17T14:06:20.038Z",
    "submitted_at": "2024-03-16T22:27:20.485Z",
    "disclosed": true,
    "has_collaboration": false
  },
  {
    "__typename": "CompleteHacktivityReportDocument",
    "id": "Z2lkOi8vaGFja2Vyb25lL0NvbXBsZXRlSGFja3Rpdml0eVJlcG9ydEluZGV4LzIzMjIwODI=",
    "_id": "2322082",
    "reporter": {
      "id": "Z2lkOi8vaGFja2Vyb25lL1VzZXIvMTI1OTI0OQ==",
      "name": "Akash Hamal",
      "username": "akashhamal0x01",
      "__typename": "User"
    },
    "cve_ids": [],
    "cwe": "Information Disclosure",
    "severity_rating": "Medium",
    "upvoted": null,
    "public": true,
    "report": {
      "id": "Z2lkOi8vaGFja2Vyb25lL1JlcG9ydC8yMzIyMDgy",
      "databaseId": "2322082",
      "title": "Being able to disclose IBB bounty table of any public program",
      "substate": "resolved",
      "url": "https://hackerone.com/reports/2322082",
      "disclosed_at": "2024-03-17T10:33:32.545Z",
      "report_generated_content": {
        "id": "Z2lkOi8vaGFja2Vyb25lL1JlcG9ydEdlbmVyYXRlZENvbnRlbnQvNzI0MA==",
        "hacktivity_summary": "A private Internet Bug Bounty (IBB) bounty table was disclosed. The IBB bounty table contained information about the reward amounts for critical, high, medium, and low vulnerabilities in open-source projects.",
        "__typename": "ReportGeneratedContent"
      },
      "__typename": "Report"
    },
    "votes": 64,
    "team": {
      "handle": "security",
      "name": "HackerOne",
      "medium_profile_picture": "https://profile-photos.hackerone-user-content.com/variants/000/000/013/fa942b9b1cbf4faf37482bf68458e1195aab9c02_original.png/5136ed9b2fa7c4d4abbf39fb971047c62d98ec4740a88eb55d7e26373250a937",
      "url": "https://hackerone.com/security",
      "id": "Z2lkOi8vaGFja2Vyb25lL0VuZ2FnZW1lbnRzOjpCdWdCb3VudHlQcm9ncmFtLzEz",
      "currency": "usd",
      "__typename": "Team"
    },
    "total_awarded_amount": null,
    "latest_disclosable_action": "Activities::ReportBecamePublic",
    "latest_disclosable_activity_at": "2024-03-17T10:33:32.811Z",
    "submitted_at": "2024-01-16T13:34:59.541Z",
    "disclosed": true,
    "has_collaboration": true
  },
  {
    "__typename": "CompleteHacktivityReportDocument",
    "id": "Z2lkOi8vaGFja2Vyb25lL0NvbXBsZXRlSGFja3Rpdml0eVJlcG9ydEluZGV4LzIyODQwNjU=",
    "_id": "2284065",
    "reporter": {
      "id": "Z2lkOi8vaGFja2Vyb25lL1VzZXIvMTg3Mzk5NA==",
      "name": "maple3142",
      "username": "maple3142",
      "__typename": "User"
    },
    "cve_ids": [
      "CVE-2024-22025"
    ],
    "cwe": "Uncontrolled Resource Consumption",
    "severity_rating": "Medium",
    "upvoted": null,
    "public": true,
    "report": {
      "id": "Z2lkOi8vaGFja2Vyb25lL1JlcG9ydC8yMjg0MDY1",
      "databaseId": "2284065",
      "title": "Denial of Service by resource exhaustion in fetch() brotli decoding",
      "substate": "resolved",
      "url": "https://hackerone.com/reports/2284065",
      "disclosed_at": "2024-03-16T17:43:24.902Z",
      "report_generated_content": {
        "id": "Z2lkOi8vaGFja2Vyb25lL1JlcG9ydEdlbmVyYXRlZENvbnRlbnQvNzIzOQ==",
        "hacktivity_summary": "A denial of service vulnerability was identified in Node.js related to resource exhaustion when using the fetch() function to retrieve content from an untrusted URL. The issue stems from fetch() always decoding Brotli content, allowing an attacker controlling the URL to cause resource exhaustion leading to potential process termination.",
        "__typename": "ReportGeneratedContent"
      },
      "__typename": "Report"
    },
    "votes": 26,
    "team": {
      "handle": "nodejs",
      "name": "Node.js",
      "medium_profile_picture": "https://profile-photos.hackerone-user-content.com/variants/000/022/984/e600648ace4a8553247bce967d461a030aa81d49_original.png/5136ed9b2fa7c4d4abbf39fb971047c62d98ec4740a88eb55d7e26373250a937",
      "url": "https://hackerone.com/nodejs",
      "id": "Z2lkOi8vaGFja2Vyb25lL0VuZ2FnZW1lbnRzOjpCdWdCb3VudHlQcm9ncmFtLzIyOTg0",
      "currency": "usd",
      "__typename": "Team"
    },
    "total_awarded_amount": null,
    "latest_disclosable_action": "Activities::ReportBecamePublic",
    "latest_disclosable_activity_at": "2024-03-16T17:43:25.210Z",
    "submitted_at": "2023-12-13T20:21:37.360Z",
    "disclosed": true,
    "has_collaboration": false
  },
  {
    "__typename": "CompleteHacktivityReportDocument",
    "id": "Z2lkOi8vaGFja2Vyb25lL0NvbXBsZXRlSGFja3Rpdml0eVJlcG9ydEluZGV4LzIxNzAyMjY=",
    "_id": "2170226",
    "reporter": {
      "id": "Z2lkOi8vaGFja2Vyb25lL1VzZXIvMjg5NDM5Mw==",
      "name": "SebV",
      "username": "valette",
      "__typename": "User"
    },
    "cve_ids": [
      "CVE-2024-22017"
    ],
    "cwe": "Privilege Escalation",
    "severity_rating": "High",
    "upvoted": null,
    "public": true,
    "report": {
      "id": "Z2lkOi8vaGFja2Vyb25lL1JlcG9ydC8yMTcwMjI2",
      "databaseId": "2170226",
      "title": "setuid() does not drop all privileges due to io_uring",
      "substate": "resolved",
      "url": "https://hackerone.com/reports/2170226",
      "disclosed_at": "2024-03-16T17:43:08.076Z",
      "report_generated_content": {
        "id": "Z2lkOi8vaGFja2Vyb25lL1JlcG9ydEdlbmVyYXRlZENvbnRlbnQvNzIzOA==",
        "hacktivity_summary": "setuid() did not drop all privileges in some versions of Node.js due to io_uring being initialized before setuid() call. This allowed privileged operations after setuid() intended to drop privileges.",
        "__typename": "ReportGeneratedContent"
      },
      "__typename": "Report"
    },
    "votes": 22,
    "team": {
      "handle": "nodejs",
      "name": "Node.js",
      "medium_profile_picture": "https://profile-photos.hackerone-user-content.com/variants/000/022/984/e600648ace4a8553247bce967d461a030aa81d49_original.png/5136ed9b2fa7c4d4abbf39fb971047c62d98ec4740a88eb55d7e26373250a937",
      "url": "https://hackerone.com/nodejs",
      "id": "Z2lkOi8vaGFja2Vyb25lL0VuZ2FnZW1lbnRzOjpCdWdCb3VudHlQcm9ncmFtLzIyOTg0",
      "currency": "usd",
      "__typename": "Team"
    },
    "total_awarded_amount": null,
    "latest_disclosable_action": "Activities::ReportBecamePublic",
    "latest_disclosable_activity_at": "2024-03-16T17:43:08.452Z",
    "submitted_at": "2023-09-18T13:59:11.685Z",
    "disclosed": true,
    "has_collaboration": false
  },
  {
    "__typename": "CompleteHacktivityReportDocument",
    "id": "Z2lkOi8vaGFja2Vyb25lL0NvbXBsZXRlSGFja3Rpdml0eVJlcG9ydEluZGV4LzIxOTA4Mjc=",
    "_id": "2190827",
    "reporter": {
      "id": "Z2lkOi8vaGFja2Vyb25lL1VzZXIvMjUwODg2MQ==",
      "name": "Nicolas Ferrero",
      "username": "inspector-ambitious",
      "__typename": "User"
    },
    "cve_ids": [
      "CVE-2023-6803"
    ],
    "cwe": "Improper Access Control - Generic",
    "severity_rating": "Medium",
    "upvoted": null,
    "public": true,
    "report": {
      "id": "Z2lkOi8vaGFja2Vyb25lL1JlcG9ydC8yMTkwODI3",
      "databaseId": "2190827",
      "title": "Bypassing Collaborator Restrictions: Retaining Admin Access Post-Repository Transfer",
      "substate": "resolved",
      "url": "https://hackerone.com/reports/2190827",
      "disclosed_at": "2024-03-15T19:30:39.085Z",
      "report_generated_content": {
        "id": "Z2lkOi8vaGFja2Vyb25lL1JlcG9ydEdlbmVyYXRlZENvbnRlbnQvNzIzNw==",
        "hacktivity_summary": "A race condition was discovered in GitHub Enterprise Server that allowed an outside collaborator to be added while a repository was being transferred. This vulnerability affected all versions of GitHub Enterprise Server since 3.8 and was addressed in version 3.8.12, 3.9.7, 3.10.4, and 3.11.1.",
        "__typename": "ReportGeneratedContent"
      },
      "__typename": "Report"
    },
    "votes": 43,
    "team": {
      "handle": "github",
      "name": "GitHub",
      "medium_profile_picture": "https://profile-photos.hackerone-user-content.com/variants/000/001/894/1de36b69ee85cb77397b0ee01ddbabd7ed47a3dd_original.jpg/f4a495c04fdb224bac8ec64587537e511aa8c4925e7955bee0a19e0ed7d891dc",
      "url": "https://hackerone.com/github",
      "id": "Z2lkOi8vaGFja2Vyb25lL0VuZ2FnZW1lbnRzOjpCdWdCb3VudHlQcm9ncmFtLzE4OTQ=",
      "currency": "usd",
      "__typename": "Team"
    },
    "total_awarded_amount": null,
    "latest_disclosable_action": "Activities::ReportBecamePublic",
    "latest_disclosable_activity_at": "2024-03-15T19:30:39.360Z",
    "submitted_at": "2023-10-03T12:31:18.510Z",
    "disclosed": true,
    "has_collaboration": false
  },
  {
    "__typename": "CompleteHacktivityReportDocument",
    "id": "Z2lkOi8vaGFja2Vyb25lL0NvbXBsZXRlSGFja3Rpdml0eVJlcG9ydEluZGV4LzIxODU1NDU=",
    "_id": "2185545",
    "reporter": {
      "id": "Z2lkOi8vaGFja2Vyb25lL1VzZXIvMjUwODg2MQ==",
      "name": "Nicolas Ferrero",
      "username": "inspector-ambitious",
      "__typename": "User"
    },
    "cve_ids": [
      "CVE-2023-46649"
    ],
    "cwe": "Improper Authentication - Generic",
    "severity_rating": "Medium",
    "upvoted": null,
    "public": true,
    "report": {
      "id": "Z2lkOi8vaGFja2Vyb25lL1JlcG9ydC8yMTg1NTQ1",
      "databaseId": "2185545",
      "title": "Persistent Unauthorized Administrative Access on All Organization Repositories via RC in User Conversion to Organization",
      "substate": "resolved",
      "url": "https://hackerone.com/reports/2185545",
      "disclosed_at": "2024-03-15T19:29:25.470Z",
      "report_generated_content": {
        "id": "Z2lkOi8vaGFja2Vyb25lL1JlcG9ydEdlbmVyYXRlZENvbnRlbnQvNzIzNg==",
        "hacktivity_summary": "A race condition was identified that could allow unauthorized administrative access when converting a user to an organization. This affected GitHub Enterprise Server versions since 3.7 and was fixed in version 3.7.19, 3.8.12, 3.9.7, 3.10.4, and 3.11.1.",
        "__typename": "ReportGeneratedContent"
      },
      "__typename": "Report"
    },
    "votes": 37,
    "team": {
      "handle": "github",
      "name": "GitHub",
      "medium_profile_picture": "https://profile-photos.hackerone-user-content.com/variants/000/001/894/1de36b69ee85cb77397b0ee01ddbabd7ed47a3dd_original.jpg/f4a495c04fdb224bac8ec64587537e511aa8c4925e7955bee0a19e0ed7d891dc",
      "url": "https://hackerone.com/github",
      "id": "Z2lkOi8vaGFja2Vyb25lL0VuZ2FnZW1lbnRzOjpCdWdCb3VudHlQcm9ncmFtLzE4OTQ=",
      "currency": "usd",
      "__typename": "Team"
    },
    "total_awarded_amount": null,
    "latest_disclosable_action": "Activities::ReportBecamePublic",
    "latest_disclosable_activity_at": "2024-03-15T19:29:25.742Z",
    "submitted_at": "2023-09-28T10:38:07.924Z",
    "disclosed": true,
    "has_collaboration": false
  },
  {
    "__typename": "CompleteHacktivityReportDocument",
    "id": "Z2lkOi8vaGFja2Vyb25lL0NvbXBsZXRlSGFja3Rpdml0eVJlcG9ydEluZGV4LzIzOTkzODY=",
    "_id": "2399386",
    "reporter": {
      "id": "Z2lkOi8vaGFja2Vyb25lL1VzZXIvMjk3NjExMw==",
      "name": "S.Lakshmi Vignesh",
      "username": "w3shi",
      "__typename": "User"
    },
    "cve_ids": [],
    "cwe": null,
    "severity_rating": "Low",
    "upvoted": null,
    "public": true,
    "report": {
      "id": "Z2lkOi8vaGFja2Vyb25lL1JlcG9ydC8yMzk5Mzg2",
      "databaseId": "2399386",
      "title": "Github app(link) Takeover Listed on \"https://docs.doppler.com/docs/github-actions\" page",
      "substate": "resolved",
      "url": "https://hackerone.com/reports/2399386",
      "disclosed_at": "2024-03-15T15:54:34.506Z",
      "report_generated_content": {
        "id": "Z2lkOi8vaGFja2Vyb25lL1JlcG9ydEdlbmVyYXRlZENvbnRlbnQvNzIzNQ==",
        "hacktivity_summary": "A github app presented on a Doppler documentation page was vulnerable to takeover, enabling attackers to achieve malicious objectives. The app link has since been removed or replaced to mitigate this vulnerability.",
        "__typename": "ReportGeneratedContent"
      },
      "__typename": "Report"
    },
    "votes": 24,
    "team": {
      "handle": "doppler",
      "name": "Doppler",
      "medium_profile_picture": "https://profile-photos.hackerone-user-content.com/variants/d2gsn9dvxqlmk8lmj1meggeuueuy/5136ed9b2fa7c4d4abbf39fb971047c62d98ec4740a88eb55d7e26373250a937",
      "url": "https://hackerone.com/doppler",
      "id": "Z2lkOi8vaGFja2Vyb25lL0VuZ2FnZW1lbnRzOjpCdWdCb3VudHlQcm9ncmFtLzUwNzY3",
      "currency": "usd",
      "__typename": "Team"
    },
    "total_awarded_amount": null,
    "latest_disclosable_action": "Activities::ReportBecamePublic",
    "latest_disclosable_activity_at": "2024-03-15T15:54:34.620Z",
    "submitted_at": "2024-03-02T17:17:29.890Z",
    "disclosed": true,
    "has_collaboration": false
  },
  {
    "__typename": "CompleteHacktivityReportDocument",
    "id": "Z2lkOi8vaGFja2Vyb25lL0NvbXBsZXRlSGFja3Rpdml0eVJlcG9ydEluZGV4LzIzODM0ODY=",
    "_id": "2383486",
    "reporter": {
      "id": "Z2lkOi8vaGFja2Vyb25lL1VzZXIvMjUzOTYzOQ==",
      "name": "Psycho",
      "username": "psycho_012",
      "__typename": "User"
    },
    "cve_ids": [],
    "cwe": "Improper Access Control - Generic",
    "severity_rating": "Low",
    "upvoted": null,
    "public": true,
    "report": {
      "id": "Z2lkOi8vaGFja2Vyb25lL1JlcG9ydC8yMzgzNDg2",
      "databaseId": "2383486",
      "title": "Insecure S3 Bucket Exposing Git Directory in Mozilla Foundation Infographics Project",
      "substate": "resolved",
      "url": "https://hackerone.com/reports/2383486",
      "disclosed_at": "2024-03-13T14:45:45.522Z",
      "report_generated_content": {
        "id": "Z2lkOi8vaGFja2Vyb25lL1JlcG9ydEdlbmVyYXRlZENvbnRlbnQvNzIyOQ==",
        "hacktivity_summary": "Git configuration was leaked in one of the S3 buckets used by Mozilla Foundation Infographics Project. The configuration included an old Github access token which was no longer valid. We restricted access to the `.git` directory on the bucket.",
        "__typename": "ReportGeneratedContent"
      },
      "__typename": "Report"
    },
    "votes": 44,
    "team": {
      "handle": "mozilla_core_services",
      "name": "Mozilla",
      "medium_profile_picture": "https://profile-photos.hackerone-user-content.com/variants/0p8e6gg8xoy45dhjxs5wh4iti6k8/5136ed9b2fa7c4d4abbf39fb971047c62d98ec4740a88eb55d7e26373250a937",
      "url": "https://hackerone.com/mozilla_core_services",
      "id": "Z2lkOi8vaGFja2Vyb25lL0VuZ2FnZW1lbnRzOjpCdWdCb3VudHlQcm9ncmFtLzYxMjM2",
      "currency": "usd",
      "__typename": "Team"
    },
    "total_awarded_amount": null,
    "latest_disclosable_action": "Activities::ReportBecamePublic",
    "latest_disclosable_activity_at": "2024-03-13T14:45:45.621Z",
    "submitted_at": "2024-02-21T12:18:54.697Z",
    "disclosed": true,
    "has_collaboration": false
  },
  {
    "__typename": "CompleteHacktivityReportDocument",
    "id": "Z2lkOi8vaGFja2Vyb25lL0NvbXBsZXRlSGFja3Rpdml0eVJlcG9ydEluZGV4LzIzNTcxMTM=",
    "_id": "2357113",
    "reporter": {
      "id": "Z2lkOi8vaGFja2Vyb25lL1VzZXIvMjg0NjE4MQ==",
      "name": "Giwa",
      "username": "giwadaoud",
      "__typename": "User"
    },
    "cve_ids": [],
    "cwe": "Insecure Direct Object Reference (IDOR)",
    "severity_rating": "Medium",
    "upvoted": null,
    "public": true,
    "report": {
      "id": "Z2lkOi8vaGFja2Vyb25lL1JlcG9ydC8yMzU3MTEz",
      "databaseId": "2357113",
      "title": "Unauthorized Access to Offline Publication Cover Pages via SOURCE_DOCUMENT_ID",
      "substate": "resolved",
      "url": "https://hackerone.com/reports/2357113",
      "disclosed_at": "2024-03-13T09:12:42.493Z",
      "report_generated_content": {
        "id": "Z2lkOi8vaGFja2Vyb25lL1JlcG9ydEdlbmVyYXRlZENvbnRlbnQvNzIyOA==",
        "hacktivity_summary": "A vulnerability was discovered that allowed unauthorized access to offline publication cover pages by sending requests with specific source document IDs. This exposed cover pages and associated user and publication IDs that were intended to be private.",
        "__typename": "ReportGeneratedContent"
      },
      "__typename": "Report"
    },
    "votes": 37,
    "team": {
      "handle": "publitas",
      "name": "Publitas",
      "medium_profile_picture": "https://profile-photos.hackerone-user-content.com/variants/000/000/103/83b23429fe1d8e894f5e774b12356c6809e15b3d_original.png/5136ed9b2fa7c4d4abbf39fb971047c62d98ec4740a88eb55d7e26373250a937",
      "url": "https://hackerone.com/publitas",
      "id": "Z2lkOi8vaGFja2Vyb25lL0VuZ2FnZW1lbnRzOjpWdWxuZXJhYmlsaXR5RGlzY2xvc3VyZVByb2dyYW0vMTAz",
      "currency": "usd",
      "__typename": "Team"
    },
    "total_awarded_amount": null,
    "latest_disclosable_action": "Activities::ReportBecamePublic",
    "latest_disclosable_activity_at": "2024-03-13T09:12:42.597Z",
    "submitted_at": "2024-02-06T21:29:26.114Z",
    "disclosed": true,
    "has_collaboration": false
  },
  {
    "__typename": "CompleteHacktivityReportDocument",
    "id": "Z2lkOi8vaGFja2Vyb25lL0NvbXBsZXRlSGFja3Rpdml0eVJlcG9ydEluZGV4LzIyOTE5OTk=",
    "_id": "2291999",
    "reporter": {
      "id": "Z2lkOi8vaGFja2Vyb25lL1VzZXIvMTM2MTg5MQ==",
      "name": "Ashutosh",
      "username": "marvelmaniac",
      "__typename": "User"
    },
    "cve_ids": [],
    "cwe": "Insecure Direct Object Reference (IDOR)",
    "severity_rating": "High",
    "upvoted": null,
    "public": true,
    "report": {
      "id": "Z2lkOi8vaGFja2Vyb25lL1JlcG9ydC8yMjkxOTk5",
      "databaseId": "2291999",
      "title": "An attacker can submit arbitrary projects to their service accounts and obtain full information on projects of other users.",
      "substate": "resolved",
      "url": "https://hackerone.com/reports/2291999",
      "disclosed_at": "2024-03-12T09:58:42.679Z",
      "report_generated_content": {
        "id": "Z2lkOi8vaGFja2Vyb25lL1JlcG9ydEdlbmVyYXRlZENvbnRlbnQvNzIyNw==",
        "hacktivity_summary": "An information disclosure vulnerability was discovered in the Request Services feature that allowed attackers to obtain project details of other users. The issue was resolved and a bounty was paid to the researcher who reported it.",
        "__typename": "ReportGeneratedContent"
      },
      "__typename": "Report"
    },
    "votes": 63,
    "team": {
      "handle": "linkedin",
      "name": "LinkedIn",
      "medium_profile_picture": "https://profile-photos.hackerone-user-content.com/variants/000/000/058/3aaa858b18e9807c5c1fea0c559156568a6647cc_original.png/5136ed9b2fa7c4d4abbf39fb971047c62d98ec4740a88eb55d7e26373250a937",
      "url": "https://hackerone.com/linkedin",
      "id": "Z2lkOi8vaGFja2Vyb25lL0VuZ2FnZW1lbnRzOjpCdWdCb3VudHlQcm9ncmFtLzU4",
      "currency": "usd",
      "__typename": "Team"
    },
    "total_awarded_amount": null,
    "latest_disclosable_action": "Activities::ReportBecamePublic",
    "latest_disclosable_activity_at": "2024-03-12T09:58:42.770Z",
    "submitted_at": "2023-12-19T18:03:14.623Z",
    "disclosed": true,
    "has_collaboration": false
  },
  {
    "__typename": "CompleteHacktivityReportDocument",
    "id": "Z2lkOi8vaGFja2Vyb25lL0NvbXBsZXRlSGFja3Rpdml0eVJlcG9ydEluZGV4LzExMTkxMjA=",
    "_id": "1119120",
    "reporter": {
      "id": "Z2lkOi8vaGFja2Vyb25lL1VzZXIvMTI4MTE=",
      "name": "ooooooo_q",
      "username": "ooooooo_q",
      "__typename": "User"
    },
    "cve_ids": [],
    "cwe": "Deserialization of Untrusted Data",
    "severity_rating": null,
    "upvoted": null,
    "public": true,
    "report": {
      "id": "Z2lkOi8vaGFja2Vyb25lL1JlcG9ydC8xMTE5MTIw",
      "databaseId": "1119120",
      "title": "Bundler's RCE with response using Marshal",
      "substate": "resolved",
      "url": "https://hackerone.com/reports/1119120",
      "disclosed_at": "2024-03-12T02:56:05.631Z",
      "report_generated_content": {
        "id": "Z2lkOi8vaGFja2Vyb25lL1JlcG9ydEdlbmVyYXRlZENvbnRlbnQvNzIyNg==",
        "hacktivity_summary": "A vulnerability was found in Bundler's dependency API endpoint, which uses Marshal serialization. This could allow for remote code execution if a client receives a specially crafted response. The impact is increased risk from specifying an untrusted source or man-in-the-middle attack.",
        "__typename": "ReportGeneratedContent"
      },
      "__typename": "Report"
    },
    "votes": 27,
    "team": {
      "handle": "rubygems",
      "name": "RubyGems",
      "medium_profile_picture": "https://profile-photos.hackerone-user-content.com/variants/000/008/212/e65eca09896d23bc029c08d3147a79a48ec1ee2f_original.png/5136ed9b2fa7c4d4abbf39fb971047c62d98ec4740a88eb55d7e26373250a937",
      "url": "https://hackerone.com/rubygems",
      "id": "Z2lkOi8vaGFja2Vyb25lL0VuZ2FnZW1lbnRzOjpCdWdCb3VudHlQcm9ncmFtLzgyMTI=",
      "currency": "usd",
      "__typename": "Team"
    },
    "total_awarded_amount": null,
    "latest_disclosable_action": "Activities::ReportBecamePublic",
    "latest_disclosable_activity_at": "2024-03-12T02:56:05.711Z",
    "submitted_at": "2021-03-07T07:02:49.576Z",
    "disclosed": true,
    "has_collaboration": false
  },
  {
    "__typename": "CompleteHacktivityReportDocument",
    "id": "Z2lkOi8vaGFja2Vyb25lL0NvbXBsZXRlSGFja3Rpdml0eVJlcG9ydEluZGV4LzIzOTAwMDk=",
    "_id": "2390009",
    "reporter": {
      "id": "Z2lkOi8vaGFja2Vyb25lL1VzZXIvMTE0NzUzNA==",
      "name": "timon",
      "username": "timon8",
      "__typename": "User"
    },
    "cve_ids": [
      "CVE-2024-24758"
    ],
    "cwe": "Information Disclosure",
    "severity_rating": "Low",
    "upvoted": null,
    "public": true,
    "report": {
      "id": "Z2lkOi8vaGFja2Vyb25lL1JlcG9ydC8yMzkwMDA5",
      "databaseId": "2390009",
      "title": "Proxy-Authorization header is not cleared in cross-domain redirect in undici",
      "substate": "resolved",
      "url": "https://hackerone.com/reports/2390009",
      "disclosed_at": "2024-03-12T02:20:16.025Z",
      "report_generated_content": {
        "id": "Z2lkOi8vaGFja2Vyb25lL1JlcG9ydEdlbmVyYXRlZENvbnRlbnQvNzIyNQ==",
        "hacktivity_summary": "Proxy-Authorization header not cleared on cross-origin redirect in Undici. Impacted versions <= v5.28.2, >= v6.0.0 <= v6.6.0. Patched in v5.28.3 and v6.6.1. No known workarounds.",
        "__typename": "ReportGeneratedContent"
      },
      "__typename": "Report"
    },
    "votes": 25,
    "team": {
      "handle": "ibb",
      "name": "Internet Bug Bounty",
      "medium_profile_picture": "https://hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com/variants/v0qywgoh5hm4cbhuanu8mqdtowhr/5136ed9b2fa7c4d4abbf39fb971047c62d98ec4740a88eb55d7e26373250a937?response-content-disposition=inline%3B%20filename%3D%22ibb%20revision%205%20copy.png%22%3B%20filename%2A%3DUTF-8%27%27ibb%2520revision%25205%2520copy.png&response-content-type=image%2Fpng&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=ASIAQGK6FURQTSOVFBH5%2F20240410%2Fus-west-2%2Fs3%2Faws4_request&X-Amz-Date=20240410T153304Z&X-Amz-Expires=3600&X-Amz-Security-Token=IQoJb3JpZ2luX2VjEPb%2F%2F%2F%2F%2F%2F%2F%2F%2F%2FwEaCXVzLXdlc3QtMiJHMEUCIQCUfTvqiFox21djbCnq1cRHnthvTj5nBk7lIL%2FKPryGMQIgIJPK6%2FLwc0Kn3zPqrfNOJ0%2BQFKbICzqnn4WLfus1CQsqsQUILxADGgwwMTM2MTkyNzQ4NDkiDBCJrV22JBmKR2%2BuIyqOBc30crCr3%2FhHt0xB%2B%2Bd7gs9N6QHgLzAjGEmbI51GtIDng3E8WsshFRJCmOpusjTdeOrmYx8MkCwQKiT%2BTij2%2BgkbMqWjDjUFGtfS35JDHI60L4sbaRh52RIshsprdqqECuL4pvO%2F3Xh0%2FaZvVbemYi6p2Pdpz6hBGJoO7Sprqf3iqtRxw9Xyv967e6AaKgRP2Nzn6OBd5MGyVue5HYZUj4VYugiuKqMF%2Bv6R%2FpuXNLlTp6f9%2BlSBlk84ZHGwenk%2Bh7I6%2FEgmUZFXCd75%2FMIsfiRbWsVLC6xYbC0nfOE41EUGdwG1tx54nN%2B6QqpXrOqen3AOxid89v04JLFuFA47GwpCVkforsn%2FXbL7%2FXp422xjSSq%2BTVer0ccfBxe%2FQlldILo%2BbJuSqxspSHSPu8SRWy109JJsI6B1xtbNx0txnqGDjiEiIw98YoOQsxEaJ1rvaKsPGA5jBRA4XMHWZmvDW1WFqfHI1BXWXLRo3Mc%2FHvt0N8e9e3oARJnmQOUvdLuxVP0dMlrsFl0FnrqQkcwMKKtzCvy0UaR0zntDq82wKpFjA8%2FFM5nvi1cjac%2F2mZdjU0J4Nxpkhux68dUX8D%2FHHMwe01T8wH%2BYiNS%2FiTE%2FR2%2FD4ToDL7vUg37rSIgTircr02tHRDHyB5r2Wp7Wj3%2FXwgkEloTsFdg58jdzi3tN1olAPYTRAc6uddAypgCDXdDzicdkIWqA6F%2Bx4uNAWp55q98GJX6aZNjYqeIjJQqbiu1OpeZ6NeqbZEJHKPEw5KGhpEVwpn77VBJ4ZvC0CD5s1TiulZ9QaWgcAVYBfUEmJ8bmBIMna6cBSyvmayVoknpRVxr3Jerg9kst9xZEAfuubC4RTeCGQmSEosutZlNJAjDZqNqwBjqxAVD0QqvgFDTYXuEbREv4AQRfja4n72e1zeoG0xYrYJfZ%2BGtL%2FoX%2FZbaDhDL%2FygYLdrV8BkpsncUUQWS4gm5VsWk6KlKEkwk24TKrMFapqGf%2BuvNiOVI7GVOZRLS36Q1gWpYEXvwY5%2FlLopy%2FpEh9oEksO%2B2jkPdxZEimqH03SRoFNJgwrCEjLjxVL6pPjD7%2FusNDNG%2Fg53RLvajYRXirIik54cQc%2BOs8MkY%2BTFtbsqHdPw%3D%3D&X-Amz-SignedHeaders=host&X-Amz-Signature=656a04e24b81c0f7e2715daea77f8f16688e2d275540f4eb8057300f0fb8b23a",
      "url": "https://hackerone.com/ibb",
      "id": "Z2lkOi8vaGFja2Vyb25lL0VuZ2FnZW1lbnRzOjpCdWdCb3VudHlQcm9ncmFtLzU0MzQ5",
      "currency": "usd",
      "__typename": "Team"
    },
    "total_awarded_amount": 405,
    "latest_disclosable_action": "Activities::ReportBecamePublic",
    "latest_disclosable_activity_at": "2024-03-12T02:20:16.102Z",
    "submitted_at": "2024-02-26T05:59:27.230Z",
    "disclosed": true,
    "has_collaboration": false
  },
  {
    "__typename": "CompleteHacktivityReportDocument",
    "id": "Z2lkOi8vaGFja2Vyb25lL0NvbXBsZXRlSGFja3Rpdml0eVJlcG9ydEluZGV4LzIzNDA4MzM=",
    "_id": "2340833",
    "reporter": {
      "id": "Z2lkOi8vaGFja2Vyb25lL1VzZXIvMTE0NzUzNA==",
      "name": "timon",
      "username": "timon8",
      "__typename": "User"
    },
    "cve_ids": [],
    "cwe": "Improper Access Control - Generic",
    "severity_rating": "Low",
    "upvoted": null,
    "public": true,
    "report": {
      "id": "Z2lkOi8vaGFja2Vyb25lL1JlcG9ydC8yMzQwODMz",
      "databaseId": "2340833",
      "title": "Apache Airflow: Bypass permission verification to read code of other dags",
      "substate": "resolved",
      "url": "https://hackerone.com/reports/2340833",
      "disclosed_at": "2024-03-12T02:19:57.277Z",
      "report_generated_content": {
        "id": "Z2lkOi8vaGFja2Vyb25lL1JlcG9ydEdlbmVyYXRlZENvbnRlbnQvNzIyNA==",
        "hacktivity_summary": "CVE-2023-50944: Apache Airflow: Bypass permission verification to read code of other dags\nSeverity: low\n\nAffected versions:\nApache Airflow before 2.8.1  \n\nDescription:\nApache Airflow, versions before 2.8.1, have a vulnerability that allows an authenticated user to access the source code of a DAG to which they don't have access. This vulnerability is considered low since it requires an authenticated user to exploit it. Users are recommended to upgrade to version 2.8.1, which fixes this issue.",
        "__typename": "ReportGeneratedContent"
      },
      "__typename": "Report"
    },
    "votes": 23,
    "team": {
      "handle": "ibb",
      "name": "Internet Bug Bounty",
      "medium_profile_picture": "https://hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com/variants/v0qywgoh5hm4cbhuanu8mqdtowhr/5136ed9b2fa7c4d4abbf39fb971047c62d98ec4740a88eb55d7e26373250a937?response-content-disposition=inline%3B%20filename%3D%22ibb%20revision%205%20copy.png%22%3B%20filename%2A%3DUTF-8%27%27ibb%2520revision%25205%2520copy.png&response-content-type=image%2Fpng&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=ASIAQGK6FURQTSOVFBH5%2F20240410%2Fus-west-2%2Fs3%2Faws4_request&X-Amz-Date=20240410T153304Z&X-Amz-Expires=3600&X-Amz-Security-Token=IQoJb3JpZ2luX2VjEPb%2F%2F%2F%2F%2F%2F%2F%2F%2F%2FwEaCXVzLXdlc3QtMiJHMEUCIQCUfTvqiFox21djbCnq1cRHnthvTj5nBk7lIL%2FKPryGMQIgIJPK6%2FLwc0Kn3zPqrfNOJ0%2BQFKbICzqnn4WLfus1CQsqsQUILxADGgwwMTM2MTkyNzQ4NDkiDBCJrV22JBmKR2%2BuIyqOBc30crCr3%2FhHt0xB%2B%2Bd7gs9N6QHgLzAjGEmbI51GtIDng3E8WsshFRJCmOpusjTdeOrmYx8MkCwQKiT%2BTij2%2BgkbMqWjDjUFGtfS35JDHI60L4sbaRh52RIshsprdqqECuL4pvO%2F3Xh0%2FaZvVbemYi6p2Pdpz6hBGJoO7Sprqf3iqtRxw9Xyv967e6AaKgRP2Nzn6OBd5MGyVue5HYZUj4VYugiuKqMF%2Bv6R%2FpuXNLlTp6f9%2BlSBlk84ZHGwenk%2Bh7I6%2FEgmUZFXCd75%2FMIsfiRbWsVLC6xYbC0nfOE41EUGdwG1tx54nN%2B6QqpXrOqen3AOxid89v04JLFuFA47GwpCVkforsn%2FXbL7%2FXp422xjSSq%2BTVer0ccfBxe%2FQlldILo%2BbJuSqxspSHSPu8SRWy109JJsI6B1xtbNx0txnqGDjiEiIw98YoOQsxEaJ1rvaKsPGA5jBRA4XMHWZmvDW1WFqfHI1BXWXLRo3Mc%2FHvt0N8e9e3oARJnmQOUvdLuxVP0dMlrsFl0FnrqQkcwMKKtzCvy0UaR0zntDq82wKpFjA8%2FFM5nvi1cjac%2F2mZdjU0J4Nxpkhux68dUX8D%2FHHMwe01T8wH%2BYiNS%2FiTE%2FR2%2FD4ToDL7vUg37rSIgTircr02tHRDHyB5r2Wp7Wj3%2FXwgkEloTsFdg58jdzi3tN1olAPYTRAc6uddAypgCDXdDzicdkIWqA6F%2Bx4uNAWp55q98GJX6aZNjYqeIjJQqbiu1OpeZ6NeqbZEJHKPEw5KGhpEVwpn77VBJ4ZvC0CD5s1TiulZ9QaWgcAVYBfUEmJ8bmBIMna6cBSyvmayVoknpRVxr3Jerg9kst9xZEAfuubC4RTeCGQmSEosutZlNJAjDZqNqwBjqxAVD0QqvgFDTYXuEbREv4AQRfja4n72e1zeoG0xYrYJfZ%2BGtL%2FoX%2FZbaDhDL%2FygYLdrV8BkpsncUUQWS4gm5VsWk6KlKEkwk24TKrMFapqGf%2BuvNiOVI7GVOZRLS36Q1gWpYEXvwY5%2FlLopy%2FpEh9oEksO%2B2jkPdxZEimqH03SRoFNJgwrCEjLjxVL6pPjD7%2FusNDNG%2Fg53RLvajYRXirIik54cQc%2BOs8MkY%2BTFtbsqHdPw%3D%3D&X-Amz-SignedHeaders=host&X-Amz-Signature=656a04e24b81c0f7e2715daea77f8f16688e2d275540f4eb8057300f0fb8b23a",
      "url": "https://hackerone.com/ibb",
      "id": "Z2lkOi8vaGFja2Vyb25lL0VuZ2FnZW1lbnRzOjpCdWdCb3VudHlQcm9ncmFtLzU0MzQ5",
      "currency": "usd",
      "__typename": "Team"
    },
    "total_awarded_amount": 540,
    "latest_disclosable_action": "Activities::ReportBecamePublic",
    "latest_disclosable_activity_at": "2024-03-12T02:19:57.362Z",
    "submitted_at": "2024-01-31T07:20:56.083Z",
    "disclosed": true,
    "has_collaboration": false
  },
  {
    "__typename": "CompleteHacktivityReportDocument",
    "id": "Z2lkOi8vaGFja2Vyb25lL0NvbXBsZXRlSGFja3Rpdml0eVJlcG9ydEluZGV4LzIzNTI5NTc=",
    "_id": "2352957",
    "reporter": {
      "id": "Z2lkOi8vaGFja2Vyb25lL1VzZXIvMTE0NzUzNA==",
      "name": "timon",
      "username": "timon8",
      "__typename": "User"
    },
    "cve_ids": [
      "CVE-2024-24758"
    ],
    "cwe": "Information Disclosure",
    "severity_rating": "Low",
    "upvoted": null,
    "public": true,
    "report": {
      "id": "Z2lkOi8vaGFja2Vyb25lL1JlcG9ydC8yMzUyOTU3",
      "databaseId": "2352957",
      "title": "Proxy-Authorization header is not cleared in cross-domain redirect in undici",
      "substate": "resolved",
      "url": "https://hackerone.com/reports/2352957",
      "disclosed_at": "2024-03-12T02:17:13.563Z",
      "report_generated_content": {
        "id": "Z2lkOi8vaGFja2Vyb25lL1JlcG9ydEdlbmVyYXRlZENvbnRlbnQvNzIyMw==",
        "hacktivity_summary": "A vulnerability was found in undici prior to version 6.5.0 where the Proxy-Authorization header was not cleared during cross-domain redirects, potentially leaking credentials to third party sites.",
        "__typename": "ReportGeneratedContent"
      },
      "__typename": "Report"
    },
    "votes": 14,
    "team": {
      "handle": "nodejs",
      "name": "Node.js",
      "medium_profile_picture": "https://profile-photos.hackerone-user-content.com/variants/000/022/984/e600648ace4a8553247bce967d461a030aa81d49_original.png/5136ed9b2fa7c4d4abbf39fb971047c62d98ec4740a88eb55d7e26373250a937",
      "url": "https://hackerone.com/nodejs",
      "id": "Z2lkOi8vaGFja2Vyb25lL0VuZ2FnZW1lbnRzOjpCdWdCb3VudHlQcm9ncmFtLzIyOTg0",
      "currency": "usd",
      "__typename": "Team"
    },
    "total_awarded_amount": null,
    "latest_disclosable_action": "Activities::ReportBecamePublic",
    "latest_disclosable_activity_at": "2024-03-12T02:17:13.655Z",
    "submitted_at": "2024-02-02T16:09:11.328Z",
    "disclosed": true,
    "has_collaboration": false
  },
  {
    "__typename": "CompleteHacktivityReportDocument",
    "id": "Z2lkOi8vaGFja2Vyb25lL0NvbXBsZXRlSGFja3Rpdml0eVJlcG9ydEluZGV4LzE3MTcyMTA=",
    "_id": "1717210",
    "reporter": {
      "id": "Z2lkOi8vaGFja2Vyb25lL1VzZXIvODcxOTU3",
      "name": "@d@m",
      "username": "a_d_a_m",
      "__typename": "User"
    },
    "cve_ids": [],
    "cwe": "Information Disclosure",
    "severity_rating": "High",
    "upvoted": null,
    "public": true,
    "report": {
      "id": "Z2lkOi8vaGFja2Vyb25lL1JlcG9ydC8xNzE3MjEw",
      "databaseId": "1717210",
      "title": "Exposure of service tokens to webpack bundle",
      "substate": "resolved",
      "url": "https://hackerone.com/reports/1717210",
      "disclosed_at": "2024-03-08T20:27:32.855Z",
      "report_generated_content": {
        "id": "Z2lkOi8vaGFja2Vyb25lL1JlcG9ydEdlbmVyYXRlZENvbnRlbnQvNzIyMg==",
        "hacktivity_summary": "Service tokens were exposed in a webpack bundle during the build process due to environment variables being accidentally included in the webpack configuration file. A review found no evidence the exposed tokens were used by unauthorized parties.",
        "__typename": "ReportGeneratedContent"
      },
      "__typename": "Report"
    },
    "votes": 46,
    "team": {
      "handle": "semrush",
      "name": "Semrush",
      "medium_profile_picture": "https://hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com/variants/z5zlmceddsqb6x026x37tp0ych7i/5136ed9b2fa7c4d4abbf39fb971047c62d98ec4740a88eb55d7e26373250a937?response-content-disposition=inline%3B%20filename%3D%22Avatars.png%22%3B%20filename%2A%3DUTF-8%27%27Avatars.png&response-content-type=image%2Fpng&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=ASIAQGK6FURQTSOVFBH5%2F20240410%2Fus-west-2%2Fs3%2Faws4_request&X-Amz-Date=20240410T153304Z&X-Amz-Expires=3600&X-Amz-Security-Token=IQoJb3JpZ2luX2VjEPb%2F%2F%2F%2F%2F%2F%2F%2F%2F%2FwEaCXVzLXdlc3QtMiJHMEUCIQCUfTvqiFox21djbCnq1cRHnthvTj5nBk7lIL%2FKPryGMQIgIJPK6%2FLwc0Kn3zPqrfNOJ0%2BQFKbICzqnn4WLfus1CQsqsQUILxADGgwwMTM2MTkyNzQ4NDkiDBCJrV22JBmKR2%2BuIyqOBc30crCr3%2FhHt0xB%2B%2Bd7gs9N6QHgLzAjGEmbI51GtIDng3E8WsshFRJCmOpusjTdeOrmYx8MkCwQKiT%2BTij2%2BgkbMqWjDjUFGtfS35JDHI60L4sbaRh52RIshsprdqqECuL4pvO%2F3Xh0%2FaZvVbemYi6p2Pdpz6hBGJoO7Sprqf3iqtRxw9Xyv967e6AaKgRP2Nzn6OBd5MGyVue5HYZUj4VYugiuKqMF%2Bv6R%2FpuXNLlTp6f9%2BlSBlk84ZHGwenk%2Bh7I6%2FEgmUZFXCd75%2FMIsfiRbWsVLC6xYbC0nfOE41EUGdwG1tx54nN%2B6QqpXrOqen3AOxid89v04JLFuFA47GwpCVkforsn%2FXbL7%2FXp422xjSSq%2BTVer0ccfBxe%2FQlldILo%2BbJuSqxspSHSPu8SRWy109JJsI6B1xtbNx0txnqGDjiEiIw98YoOQsxEaJ1rvaKsPGA5jBRA4XMHWZmvDW1WFqfHI1BXWXLRo3Mc%2FHvt0N8e9e3oARJnmQOUvdLuxVP0dMlrsFl0FnrqQkcwMKKtzCvy0UaR0zntDq82wKpFjA8%2FFM5nvi1cjac%2F2mZdjU0J4Nxpkhux68dUX8D%2FHHMwe01T8wH%2BYiNS%2FiTE%2FR2%2FD4ToDL7vUg37rSIgTircr02tHRDHyB5r2Wp7Wj3%2FXwgkEloTsFdg58jdzi3tN1olAPYTRAc6uddAypgCDXdDzicdkIWqA6F%2Bx4uNAWp55q98GJX6aZNjYqeIjJQqbiu1OpeZ6NeqbZEJHKPEw5KGhpEVwpn77VBJ4ZvC0CD5s1TiulZ9QaWgcAVYBfUEmJ8bmBIMna6cBSyvmayVoknpRVxr3Jerg9kst9xZEAfuubC4RTeCGQmSEosutZlNJAjDZqNqwBjqxAVD0QqvgFDTYXuEbREv4AQRfja4n72e1zeoG0xYrYJfZ%2BGtL%2FoX%2FZbaDhDL%2FygYLdrV8BkpsncUUQWS4gm5VsWk6KlKEkwk24TKrMFapqGf%2BuvNiOVI7GVOZRLS36Q1gWpYEXvwY5%2FlLopy%2FpEh9oEksO%2B2jkPdxZEimqH03SRoFNJgwrCEjLjxVL6pPjD7%2FusNDNG%2Fg53RLvajYRXirIik54cQc%2BOs8MkY%2BTFtbsqHdPw%3D%3D&X-Amz-SignedHeaders=host&X-Amz-Signature=4c7eeeeab4fce0768a4e7066a9e5f977018482ac7c8be7462bc5b315db30e58c",
      "url": "https://hackerone.com/semrush",
      "id": "Z2lkOi8vaGFja2Vyb25lL0VuZ2FnZW1lbnRzOjpCdWdCb3VudHlQcm9ncmFtLzE1OTY2",
      "currency": "usd",
      "__typename": "Team"
    },
    "total_awarded_amount": null,
    "latest_disclosable_action": "Activities::ReportBecamePublic",
    "latest_disclosable_activity_at": "2024-03-08T20:27:32.969Z",
    "submitted_at": "2022-09-29T21:13:38.457Z",
    "disclosed": true,
    "has_collaboration": false
  },
  {
    "__typename": "CompleteHacktivityReportDocument",
    "id": "Z2lkOi8vaGFja2Vyb25lL0NvbXBsZXRlSGFja3Rpdml0eVJlcG9ydEluZGV4LzIzMjMzMDM=",
    "_id": "2323303",
    "reporter": {
      "id": "Z2lkOi8vaGFja2Vyb25lL1VzZXIvMjY5NTY3OA==",
      "name": "Hillybot",
      "username": "hillybot__",
      "__typename": "User"
    },
    "cve_ids": [],
    "cwe": "Improper Access Control - Generic",
    "severity_rating": "Low",
    "upvoted": null,
    "public": true,
    "report": {
      "id": "Z2lkOi8vaGFja2Vyb25lL1JlcG9ydC8yMzIzMzAz",
      "databaseId": "2323303",
      "title": "Program admins could add verified domains to an organization",
      "substate": "resolved",
      "url": "https://hackerone.com/reports/2323303",
      "disclosed_at": "2024-03-07T15:10:05.577Z",
      "report_generated_content": {
        "id": "Z2lkOi8vaGFja2Vyb25lL1JlcG9ydEdlbmVyYXRlZENvbnRlbnQvNzIwMg==",
        "hacktivity_summary": "Program admins could add verified domains to an organization in HackerOne despite lacking organization admin permissions. This allowed program admins to access restricted features and escalate privileges.",
        "__typename": "ReportGeneratedContent"
      },
      "__typename": "Report"
    },
    "votes": 64,
    "team": {
      "handle": "security",
      "name": "HackerOne",
      "medium_profile_picture": "https://profile-photos.hackerone-user-content.com/variants/000/000/013/fa942b9b1cbf4faf37482bf68458e1195aab9c02_original.png/5136ed9b2fa7c4d4abbf39fb971047c62d98ec4740a88eb55d7e26373250a937",
      "url": "https://hackerone.com/security",
      "id": "Z2lkOi8vaGFja2Vyb25lL0VuZ2FnZW1lbnRzOjpCdWdCb3VudHlQcm9ncmFtLzEz",
      "currency": "usd",
      "__typename": "Team"
    },
    "total_awarded_amount": null,
    "latest_disclosable_action": "Activities::ReportBecamePublic",
    "latest_disclosable_activity_at": "2024-03-07T15:10:05.658Z",
    "submitted_at": "2024-01-17T12:00:37.626Z",
    "disclosed": true,
    "has_collaboration": false
  },
  {
    "__typename": "CompleteHacktivityReportDocument",
    "id": "Z2lkOi8vaGFja2Vyb25lL0NvbXBsZXRlSGFja3Rpdml0eVJlcG9ydEluZGV4LzE3NzA4NTg=",
    "_id": "1770858",
    "reporter": {
      "id": "Z2lkOi8vaGFja2Vyb25lL1VzZXIvODcxOTU3",
      "name": "@d@m",
      "username": "a_d_a_m",
      "__typename": "User"
    },
    "cve_ids": [],
    "cwe": "Insecure Direct Object Reference (IDOR)",
    "severity_rating": "Critical",
    "upvoted": null,
    "public": true,
    "report": {
      "id": "Z2lkOi8vaGFja2Vyb25lL1JlcG9ydC8xNzcwODU4",
      "databaseId": "1770858",
      "title": "IDOR vulnerability reveals additional information",
      "substate": "resolved",
      "url": "https://hackerone.com/reports/1770858",
      "disclosed_at": "2024-03-07T10:04:31.113Z",
      "report_generated_content": {
        "id": "Z2lkOi8vaGFja2Vyb25lL1JlcG9ydEdlbmVyYXRlZENvbnRlbnQvNzIwMQ==",
        "hacktivity_summary": "An issue was identified in the Content Outline Builder product. Changing a user ID in a GraphQL request could reveal additional information about users. A subsequent internal review revealed no evidence of exploitation by unauthorized parties.",
        "__typename": "ReportGeneratedContent"
      },
      "__typename": "Report"
    },
    "votes": 63,
    "team": {
      "handle": "semrush",
      "name": "Semrush",
      "medium_profile_picture": "https://hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com/variants/z5zlmceddsqb6x026x37tp0ych7i/5136ed9b2fa7c4d4abbf39fb971047c62d98ec4740a88eb55d7e26373250a937?response-content-disposition=inline%3B%20filename%3D%22Avatars.png%22%3B%20filename%2A%3DUTF-8%27%27Avatars.png&response-content-type=image%2Fpng&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=ASIAQGK6FURQTSOVFBH5%2F20240410%2Fus-west-2%2Fs3%2Faws4_request&X-Amz-Date=20240410T153304Z&X-Amz-Expires=3600&X-Amz-Security-Token=IQoJb3JpZ2luX2VjEPb%2F%2F%2F%2F%2F%2F%2F%2F%2F%2FwEaCXVzLXdlc3QtMiJHMEUCIQCUfTvqiFox21djbCnq1cRHnthvTj5nBk7lIL%2FKPryGMQIgIJPK6%2FLwc0Kn3zPqrfNOJ0%2BQFKbICzqnn4WLfus1CQsqsQUILxADGgwwMTM2MTkyNzQ4NDkiDBCJrV22JBmKR2%2BuIyqOBc30crCr3%2FhHt0xB%2B%2Bd7gs9N6QHgLzAjGEmbI51GtIDng3E8WsshFRJCmOpusjTdeOrmYx8MkCwQKiT%2BTij2%2BgkbMqWjDjUFGtfS35JDHI60L4sbaRh52RIshsprdqqECuL4pvO%2F3Xh0%2FaZvVbemYi6p2Pdpz6hBGJoO7Sprqf3iqtRxw9Xyv967e6AaKgRP2Nzn6OBd5MGyVue5HYZUj4VYugiuKqMF%2Bv6R%2FpuXNLlTp6f9%2BlSBlk84ZHGwenk%2Bh7I6%2FEgmUZFXCd75%2FMIsfiRbWsVLC6xYbC0nfOE41EUGdwG1tx54nN%2B6QqpXrOqen3AOxid89v04JLFuFA47GwpCVkforsn%2FXbL7%2FXp422xjSSq%2BTVer0ccfBxe%2FQlldILo%2BbJuSqxspSHSPu8SRWy109JJsI6B1xtbNx0txnqGDjiEiIw98YoOQsxEaJ1rvaKsPGA5jBRA4XMHWZmvDW1WFqfHI1BXWXLRo3Mc%2FHvt0N8e9e3oARJnmQOUvdLuxVP0dMlrsFl0FnrqQkcwMKKtzCvy0UaR0zntDq82wKpFjA8%2FFM5nvi1cjac%2F2mZdjU0J4Nxpkhux68dUX8D%2FHHMwe01T8wH%2BYiNS%2FiTE%2FR2%2FD4ToDL7vUg37rSIgTircr02tHRDHyB5r2Wp7Wj3%2FXwgkEloTsFdg58jdzi3tN1olAPYTRAc6uddAypgCDXdDzicdkIWqA6F%2Bx4uNAWp55q98GJX6aZNjYqeIjJQqbiu1OpeZ6NeqbZEJHKPEw5KGhpEVwpn77VBJ4ZvC0CD5s1TiulZ9QaWgcAVYBfUEmJ8bmBIMna6cBSyvmayVoknpRVxr3Jerg9kst9xZEAfuubC4RTeCGQmSEosutZlNJAjDZqNqwBjqxAVD0QqvgFDTYXuEbREv4AQRfja4n72e1zeoG0xYrYJfZ%2BGtL%2FoX%2FZbaDhDL%2FygYLdrV8BkpsncUUQWS4gm5VsWk6KlKEkwk24TKrMFapqGf%2BuvNiOVI7GVOZRLS36Q1gWpYEXvwY5%2FlLopy%2FpEh9oEksO%2B2jkPdxZEimqH03SRoFNJgwrCEjLjxVL6pPjD7%2FusNDNG%2Fg53RLvajYRXirIik54cQc%2BOs8MkY%2BTFtbsqHdPw%3D%3D&X-Amz-SignedHeaders=host&X-Amz-Signature=4c7eeeeab4fce0768a4e7066a9e5f977018482ac7c8be7462bc5b315db30e58c",
      "url": "https://hackerone.com/semrush",
      "id": "Z2lkOi8vaGFja2Vyb25lL0VuZ2FnZW1lbnRzOjpCdWdCb3VudHlQcm9ncmFtLzE1OTY2",
      "currency": "usd",
      "__typename": "Team"
    },
    "total_awarded_amount": null,
    "latest_disclosable_action": "Activities::ReportBecamePublic",
    "latest_disclosable_activity_at": "2024-03-07T10:04:31.203Z",
    "submitted_at": "2022-11-11T02:12:13.119Z",
    "disclosed": true,
    "has_collaboration": false
  },
  {
    "__typename": "CompleteHacktivityReportDocument",
    "id": "Z2lkOi8vaGFja2Vyb25lL0NvbXBsZXRlSGFja3Rpdml0eVJlcG9ydEluZGV4LzIzODI0ODQ=",
    "_id": "2382484",
    "reporter": {
      "id": "Z2lkOi8vaGFja2Vyb25lL1VzZXIvNzQ4NjMy",
      "name": "Abdan Alkayyis",
      "username": "ryujinx",
      "__typename": "User"
    },
    "cve_ids": [],
    "cwe": "Insecure Direct Object Reference (IDOR)",
    "severity_rating": "High",
    "upvoted": null,
    "public": true,
    "report": {
      "id": "Z2lkOi8vaGFja2Vyb25lL1JlcG9ydC8yMzgyNDg0",
      "databaseId": "2382484",
      "title": "IDOR on Delete Email address features",
      "substate": "resolved",
      "url": "https://hackerone.com/reports/2382484",
      "disclosed_at": "2024-03-07T09:10:58.201Z",
      "report_generated_content": {
        "id": "Z2lkOi8vaGFja2Vyb25lL1JlcG9ydEdlbmVyYXRlZENvbnRlbnQvNzIwMA==",
        "hacktivity_summary": "An insecure direct object reference vulnerability was found in a web application which allowed users to delete email addresses in other users' accounts by manipulating identifiers. The issue was mitigated by adding proper access controls on the delete operation.",
        "__typename": "ReportGeneratedContent"
      },
      "__typename": "Report"
    },
    "votes": 56,
    "team": {
      "handle": "mozilla_core_services",
      "name": "Mozilla",
      "medium_profile_picture": "https://profile-photos.hackerone-user-content.com/variants/0p8e6gg8xoy45dhjxs5wh4iti6k8/5136ed9b2fa7c4d4abbf39fb971047c62d98ec4740a88eb55d7e26373250a937",
      "url": "https://hackerone.com/mozilla_core_services",
      "id": "Z2lkOi8vaGFja2Vyb25lL0VuZ2FnZW1lbnRzOjpCdWdCb3VudHlQcm9ncmFtLzYxMjM2",
      "currency": "usd",
      "__typename": "Team"
    },
    "total_awarded_amount": null,
    "latest_disclosable_action": "Activities::ReportBecamePublic",
    "latest_disclosable_activity_at": "2024-03-07T09:10:58.280Z",
    "submitted_at": "2024-02-20T18:09:14.310Z",
    "disclosed": true,
    "has_collaboration": false
  },
  {
    "__typename": "CompleteHacktivityReportDocument",
    "id": "Z2lkOi8vaGFja2Vyb25lL0NvbXBsZXRlSGFja3Rpdml0eVJlcG9ydEluZGV4LzIwNzc5ODU=",
    "_id": "2077985",
    "reporter": {
      "id": "Z2lkOi8vaGFja2Vyb25lL1VzZXIvODcxOTU3",
      "name": "@d@m",
      "username": "a_d_a_m",
      "__typename": "User"
    },
    "cve_ids": [],
    "cwe": "Server-Side Request Forgery (SSRF)",
    "severity_rating": "High",
    "upvoted": null,
    "public": true,
    "report": {
      "id": "Z2lkOi8vaGFja2Vyb25lL1JlcG9ydC8yMDc3OTg1",
      "databaseId": "2077985",
      "title": "Lack of sanitization of the billing address in pdf invoice",
      "substate": "resolved",
      "url": "https://hackerone.com/reports/2077985",
      "disclosed_at": "2024-03-06T12:20:11.202Z",
      "report_generated_content": {
        "id": "Z2lkOi8vaGFja2Vyb25lL1JlcG9ydEdlbmVyYXRlZENvbnRlbnQvNzE5OQ==",
        "hacktivity_summary": "A vulnerability in the invoice PDF generation allowed HTML code injection due to insufficient sanitization of billing address data. An internal review found no evidence of exploitation.",
        "__typename": "ReportGeneratedContent"
      },
      "__typename": "Report"
    },
    "votes": 52,
    "team": {
      "handle": "semrush",
      "name": "Semrush",
      "medium_profile_picture": "https://hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com/variants/z5zlmceddsqb6x026x37tp0ych7i/5136ed9b2fa7c4d4abbf39fb971047c62d98ec4740a88eb55d7e26373250a937?response-content-disposition=inline%3B%20filename%3D%22Avatars.png%22%3B%20filename%2A%3DUTF-8%27%27Avatars.png&response-content-type=image%2Fpng&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=ASIAQGK6FURQTSOVFBH5%2F20240410%2Fus-west-2%2Fs3%2Faws4_request&X-Amz-Date=20240410T153304Z&X-Amz-Expires=3600&X-Amz-Security-Token=IQoJb3JpZ2luX2VjEPb%2F%2F%2F%2F%2F%2F%2F%2F%2F%2FwEaCXVzLXdlc3QtMiJHMEUCIQCUfTvqiFox21djbCnq1cRHnthvTj5nBk7lIL%2FKPryGMQIgIJPK6%2FLwc0Kn3zPqrfNOJ0%2BQFKbICzqnn4WLfus1CQsqsQUILxADGgwwMTM2MTkyNzQ4NDkiDBCJrV22JBmKR2%2BuIyqOBc30crCr3%2FhHt0xB%2B%2Bd7gs9N6QHgLzAjGEmbI51GtIDng3E8WsshFRJCmOpusjTdeOrmYx8MkCwQKiT%2BTij2%2BgkbMqWjDjUFGtfS35JDHI60L4sbaRh52RIshsprdqqECuL4pvO%2F3Xh0%2FaZvVbemYi6p2Pdpz6hBGJoO7Sprqf3iqtRxw9Xyv967e6AaKgRP2Nzn6OBd5MGyVue5HYZUj4VYugiuKqMF%2Bv6R%2FpuXNLlTp6f9%2BlSBlk84ZHGwenk%2Bh7I6%2FEgmUZFXCd75%2FMIsfiRbWsVLC6xYbC0nfOE41EUGdwG1tx54nN%2B6QqpXrOqen3AOxid89v04JLFuFA47GwpCVkforsn%2FXbL7%2FXp422xjSSq%2BTVer0ccfBxe%2FQlldILo%2BbJuSqxspSHSPu8SRWy109JJsI6B1xtbNx0txnqGDjiEiIw98YoOQsxEaJ1rvaKsPGA5jBRA4XMHWZmvDW1WFqfHI1BXWXLRo3Mc%2FHvt0N8e9e3oARJnmQOUvdLuxVP0dMlrsFl0FnrqQkcwMKKtzCvy0UaR0zntDq82wKpFjA8%2FFM5nvi1cjac%2F2mZdjU0J4Nxpkhux68dUX8D%2FHHMwe01T8wH%2BYiNS%2FiTE%2FR2%2FD4ToDL7vUg37rSIgTircr02tHRDHyB5r2Wp7Wj3%2FXwgkEloTsFdg58jdzi3tN1olAPYTRAc6uddAypgCDXdDzicdkIWqA6F%2Bx4uNAWp55q98GJX6aZNjYqeIjJQqbiu1OpeZ6NeqbZEJHKPEw5KGhpEVwpn77VBJ4ZvC0CD5s1TiulZ9QaWgcAVYBfUEmJ8bmBIMna6cBSyvmayVoknpRVxr3Jerg9kst9xZEAfuubC4RTeCGQmSEosutZlNJAjDZqNqwBjqxAVD0QqvgFDTYXuEbREv4AQRfja4n72e1zeoG0xYrYJfZ%2BGtL%2FoX%2FZbaDhDL%2FygYLdrV8BkpsncUUQWS4gm5VsWk6KlKEkwk24TKrMFapqGf%2BuvNiOVI7GVOZRLS36Q1gWpYEXvwY5%2FlLopy%2FpEh9oEksO%2B2jkPdxZEimqH03SRoFNJgwrCEjLjxVL6pPjD7%2FusNDNG%2Fg53RLvajYRXirIik54cQc%2BOs8MkY%2BTFtbsqHdPw%3D%3D&X-Amz-SignedHeaders=host&X-Amz-Signature=4c7eeeeab4fce0768a4e7066a9e5f977018482ac7c8be7462bc5b315db30e58c",
      "url": "https://hackerone.com/semrush",
      "id": "Z2lkOi8vaGFja2Vyb25lL0VuZ2FnZW1lbnRzOjpCdWdCb3VudHlQcm9ncmFtLzE1OTY2",
      "currency": "usd",
      "__typename": "Team"
    },
    "total_awarded_amount": null,
    "latest_disclosable_action": "Activities::ReportBecamePublic",
    "latest_disclosable_activity_at": "2024-03-06T12:20:11.300Z",
    "submitted_at": "2023-07-20T17:50:12.638Z",
    "disclosed": true,
    "has_collaboration": false
  },
  {
    "__typename": "CompleteHacktivityReportDocument",
    "id": "Z2lkOi8vaGFja2Vyb25lL0NvbXBsZXRlSGFja3Rpdml0eVJlcG9ydEluZGV4LzE4MTY5MDA=",
    "_id": "1816900",
    "reporter": {
      "id": "Z2lkOi8vaGFja2Vyb25lL1VzZXIvODcxOTU3",
      "name": "@d@m",
      "username": "a_d_a_m",
      "__typename": "User"
    },
    "cve_ids": [],
    "cwe": "Insecure Direct Object Reference (IDOR)",
    "severity_rating": "High",
    "upvoted": null,
    "public": true,
    "report": {
      "id": "Z2lkOi8vaGFja2Vyb25lL1JlcG9ydC8xODE2OTAw",
      "databaseId": "1816900",
      "title": "IDOR allows information disclosure",
      "substate": "resolved",
      "url": "https://hackerone.com/reports/1816900",
      "disclosed_at": "2024-03-05T17:37:53.549Z",
      "report_generated_content": {
        "id": "Z2lkOi8vaGFja2Vyb25lL1JlcG9ydEdlbmVyYXRlZENvbnRlbnQvNzE5OA==",
        "hacktivity_summary": "A vulnerability in the Social Media Inbox tool's task tracker allowed information disclosure. The tool enables linking social accounts to oversee content and engage audiences. Its task tracker lets users delegate messages to colleagues. It was found a user could assign messages to any user ID, enabling unauthorized information access. No evidence was found of exploitation.",
        "__typename": "ReportGeneratedContent"
      },
      "__typename": "Report"
    },
    "votes": 51,
    "team": {
      "handle": "semrush",
      "name": "Semrush",
      "medium_profile_picture": "https://hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com/variants/z5zlmceddsqb6x026x37tp0ych7i/5136ed9b2fa7c4d4abbf39fb971047c62d98ec4740a88eb55d7e26373250a937?response-content-disposition=inline%3B%20filename%3D%22Avatars.png%22%3B%20filename%2A%3DUTF-8%27%27Avatars.png&response-content-type=image%2Fpng&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=ASIAQGK6FURQTSOVFBH5%2F20240410%2Fus-west-2%2Fs3%2Faws4_request&X-Amz-Date=20240410T153304Z&X-Amz-Expires=3600&X-Amz-Security-Token=IQoJb3JpZ2luX2VjEPb%2F%2F%2F%2F%2F%2F%2F%2F%2F%2FwEaCXVzLXdlc3QtMiJHMEUCIQCUfTvqiFox21djbCnq1cRHnthvTj5nBk7lIL%2FKPryGMQIgIJPK6%2FLwc0Kn3zPqrfNOJ0%2BQFKbICzqnn4WLfus1CQsqsQUILxADGgwwMTM2MTkyNzQ4NDkiDBCJrV22JBmKR2%2BuIyqOBc30crCr3%2FhHt0xB%2B%2Bd7gs9N6QHgLzAjGEmbI51GtIDng3E8WsshFRJCmOpusjTdeOrmYx8MkCwQKiT%2BTij2%2BgkbMqWjDjUFGtfS35JDHI60L4sbaRh52RIshsprdqqECuL4pvO%2F3Xh0%2FaZvVbemYi6p2Pdpz6hBGJoO7Sprqf3iqtRxw9Xyv967e6AaKgRP2Nzn6OBd5MGyVue5HYZUj4VYugiuKqMF%2Bv6R%2FpuXNLlTp6f9%2BlSBlk84ZHGwenk%2Bh7I6%2FEgmUZFXCd75%2FMIsfiRbWsVLC6xYbC0nfOE41EUGdwG1tx54nN%2B6QqpXrOqen3AOxid89v04JLFuFA47GwpCVkforsn%2FXbL7%2FXp422xjSSq%2BTVer0ccfBxe%2FQlldILo%2BbJuSqxspSHSPu8SRWy109JJsI6B1xtbNx0txnqGDjiEiIw98YoOQsxEaJ1rvaKsPGA5jBRA4XMHWZmvDW1WFqfHI1BXWXLRo3Mc%2FHvt0N8e9e3oARJnmQOUvdLuxVP0dMlrsFl0FnrqQkcwMKKtzCvy0UaR0zntDq82wKpFjA8%2FFM5nvi1cjac%2F2mZdjU0J4Nxpkhux68dUX8D%2FHHMwe01T8wH%2BYiNS%2FiTE%2FR2%2FD4ToDL7vUg37rSIgTircr02tHRDHyB5r2Wp7Wj3%2FXwgkEloTsFdg58jdzi3tN1olAPYTRAc6uddAypgCDXdDzicdkIWqA6F%2Bx4uNAWp55q98GJX6aZNjYqeIjJQqbiu1OpeZ6NeqbZEJHKPEw5KGhpEVwpn77VBJ4ZvC0CD5s1TiulZ9QaWgcAVYBfUEmJ8bmBIMna6cBSyvmayVoknpRVxr3Jerg9kst9xZEAfuubC4RTeCGQmSEosutZlNJAjDZqNqwBjqxAVD0QqvgFDTYXuEbREv4AQRfja4n72e1zeoG0xYrYJfZ%2BGtL%2FoX%2FZbaDhDL%2FygYLdrV8BkpsncUUQWS4gm5VsWk6KlKEkwk24TKrMFapqGf%2BuvNiOVI7GVOZRLS36Q1gWpYEXvwY5%2FlLopy%2FpEh9oEksO%2B2jkPdxZEimqH03SRoFNJgwrCEjLjxVL6pPjD7%2FusNDNG%2Fg53RLvajYRXirIik54cQc%2BOs8MkY%2BTFtbsqHdPw%3D%3D&X-Amz-SignedHeaders=host&X-Amz-Signature=4c7eeeeab4fce0768a4e7066a9e5f977018482ac7c8be7462bc5b315db30e58c",
      "url": "https://hackerone.com/semrush",
      "id": "Z2lkOi8vaGFja2Vyb25lL0VuZ2FnZW1lbnRzOjpCdWdCb3VudHlQcm9ncmFtLzE1OTY2",
      "currency": "usd",
      "__typename": "Team"
    },
    "total_awarded_amount": null,
    "latest_disclosable_action": "Activities::ReportBecamePublic",
    "latest_disclosable_activity_at": "2024-03-05T17:37:53.630Z",
    "submitted_at": "2022-12-26T00:53:09.630Z",
    "disclosed": true,
    "has_collaboration": false
  },
  {
    "__typename": "CompleteHacktivityReportDocument",
    "id": "Z2lkOi8vaGFja2Vyb25lL0NvbXBsZXRlSGFja3Rpdml0eVJlcG9ydEluZGV4LzIzNzU0NDY=",
    "_id": "2375446",
    "reporter": {
      "id": "Z2lkOi8vaGFja2Vyb25lL1VzZXIvMTU0",
      "name": "Bartek Nowotarski",
      "username": "bart",
      "__typename": "User"
    },
    "cve_ids": [
      "CVE-2024-22019"
    ],
    "cwe": "Uncontrolled Resource Consumption",
    "severity_rating": "High",
    "upvoted": null,
    "public": true,
    "report": {
      "id": "Z2lkOi8vaGFja2Vyb25lL1JlcG9ydC8yMzc1NDQ2",
      "databaseId": "2375446",
      "title": "http: Reading unprocessed HTTP request with unbounded chunk extension allows DoS attacks",
      "substate": "resolved",
      "url": "https://hackerone.com/reports/2375446",
      "disclosed_at": "2024-03-05T12:09:56.321Z",
      "report_generated_content": {
        "id": "Z2lkOi8vaGFja2Vyb25lL1JlcG9ydEdlbmVyYXRlZENvbnRlbnQvNzE5Nw==",
        "hacktivity_summary": "A vulnerability in Node.js HTTP servers allows an attacker to send a specially crafted HTTP request with chunked encoding, leading to resource exhaustion and denial of service (DoS). The server reads an unbounded number of bytes from a single connection, exploiting the lack of limitations on chunk extension bytes. The issue can cause CPU and network bandwidth exhaustion, bypassing standard safeguards like timeouts and body size limits. This vulnerability affects all users in all active release lines: 18.x, 20.x, and 21.x. Thank you, to Bartek Nowotarski for reporting this vulnerability and thank you Paolo Insogna for fixing it.",
        "__typename": "ReportGeneratedContent"
      },
      "__typename": "Report"
    },
    "votes": 40,
    "team": {
      "handle": "ibb",
      "name": "Internet Bug Bounty",
      "medium_profile_picture": "https://hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com/variants/v0qywgoh5hm4cbhuanu8mqdtowhr/5136ed9b2fa7c4d4abbf39fb971047c62d98ec4740a88eb55d7e26373250a937?response-content-disposition=inline%3B%20filename%3D%22ibb%20revision%205%20copy.png%22%3B%20filename%2A%3DUTF-8%27%27ibb%2520revision%25205%2520copy.png&response-content-type=image%2Fpng&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=ASIAQGK6FURQTSOVFBH5%2F20240410%2Fus-west-2%2Fs3%2Faws4_request&X-Amz-Date=20240410T153304Z&X-Amz-Expires=3600&X-Amz-Security-Token=IQoJb3JpZ2luX2VjEPb%2F%2F%2F%2F%2F%2F%2F%2F%2F%2FwEaCXVzLXdlc3QtMiJHMEUCIQCUfTvqiFox21djbCnq1cRHnthvTj5nBk7lIL%2FKPryGMQIgIJPK6%2FLwc0Kn3zPqrfNOJ0%2BQFKbICzqnn4WLfus1CQsqsQUILxADGgwwMTM2MTkyNzQ4NDkiDBCJrV22JBmKR2%2BuIyqOBc30crCr3%2FhHt0xB%2B%2Bd7gs9N6QHgLzAjGEmbI51GtIDng3E8WsshFRJCmOpusjTdeOrmYx8MkCwQKiT%2BTij2%2BgkbMqWjDjUFGtfS35JDHI60L4sbaRh52RIshsprdqqECuL4pvO%2F3Xh0%2FaZvVbemYi6p2Pdpz6hBGJoO7Sprqf3iqtRxw9Xyv967e6AaKgRP2Nzn6OBd5MGyVue5HYZUj4VYugiuKqMF%2Bv6R%2FpuXNLlTp6f9%2BlSBlk84ZHGwenk%2Bh7I6%2FEgmUZFXCd75%2FMIsfiRbWsVLC6xYbC0nfOE41EUGdwG1tx54nN%2B6QqpXrOqen3AOxid89v04JLFuFA47GwpCVkforsn%2FXbL7%2FXp422xjSSq%2BTVer0ccfBxe%2FQlldILo%2BbJuSqxspSHSPu8SRWy109JJsI6B1xtbNx0txnqGDjiEiIw98YoOQsxEaJ1rvaKsPGA5jBRA4XMHWZmvDW1WFqfHI1BXWXLRo3Mc%2FHvt0N8e9e3oARJnmQOUvdLuxVP0dMlrsFl0FnrqQkcwMKKtzCvy0UaR0zntDq82wKpFjA8%2FFM5nvi1cjac%2F2mZdjU0J4Nxpkhux68dUX8D%2FHHMwe01T8wH%2BYiNS%2FiTE%2FR2%2FD4ToDL7vUg37rSIgTircr02tHRDHyB5r2Wp7Wj3%2FXwgkEloTsFdg58jdzi3tN1olAPYTRAc6uddAypgCDXdDzicdkIWqA6F%2Bx4uNAWp55q98GJX6aZNjYqeIjJQqbiu1OpeZ6NeqbZEJHKPEw5KGhpEVwpn77VBJ4ZvC0CD5s1TiulZ9QaWgcAVYBfUEmJ8bmBIMna6cBSyvmayVoknpRVxr3Jerg9kst9xZEAfuubC4RTeCGQmSEosutZlNJAjDZqNqwBjqxAVD0QqvgFDTYXuEbREv4AQRfja4n72e1zeoG0xYrYJfZ%2BGtL%2FoX%2FZbaDhDL%2FygYLdrV8BkpsncUUQWS4gm5VsWk6KlKEkwk24TKrMFapqGf%2BuvNiOVI7GVOZRLS36Q1gWpYEXvwY5%2FlLopy%2FpEh9oEksO%2B2jkPdxZEimqH03SRoFNJgwrCEjLjxVL6pPjD7%2FusNDNG%2Fg53RLvajYRXirIik54cQc%2BOs8MkY%2BTFtbsqHdPw%3D%3D&X-Amz-SignedHeaders=host&X-Amz-Signature=656a04e24b81c0f7e2715daea77f8f16688e2d275540f4eb8057300f0fb8b23a",
      "url": "https://hackerone.com/ibb",
      "id": "Z2lkOi8vaGFja2Vyb25lL0VuZ2FnZW1lbnRzOjpCdWdCb3VudHlQcm9ncmFtLzU0MzQ5",
      "currency": "usd",
      "__typename": "Team"
    },
    "total_awarded_amount": 3495,
    "latest_disclosable_action": "Activities::ReportBecamePublic",
    "latest_disclosable_activity_at": "2024-03-05T12:09:56.377Z",
    "submitted_at": "2024-02-15T18:19:30.150Z",
    "disclosed": true,
    "has_collaboration": false
  },
  {
    "__typename": "CompleteHacktivityReportDocument",
    "id": "Z2lkOi8vaGFja2Vyb25lL0NvbXBsZXRlSGFja3Rpdml0eVJlcG9ydEluZGV4LzIyMzM0ODA=",
    "_id": "2233480",
    "reporter": {
      "id": "Z2lkOi8vaGFja2Vyb25lL1VzZXIvMTA1NDUy",
      "name": "Fran",
      "username": "jfran_cbit",
      "__typename": "User"
    },
    "cve_ids": [],
    "cwe": "Authentication Bypass Using an Alternate Path or Channel",
    "severity_rating": "Critical",
    "upvoted": null,
    "public": true,
    "report": {
      "id": "Z2lkOi8vaGFja2Vyb25lL1JlcG9ydC8yMjMzNDgw",
      "databaseId": "2233480",
      "title": "Access to internal info via Graphql on https://tng-api.watsons.com.my",
      "substate": "resolved",
      "url": "https://hackerone.com/reports/2233480",
      "disclosed_at": "2024-03-05T08:51:09.534Z",
      "report_generated_content": null,
      "__typename": "Report"
    },
    "votes": 47,
    "team": {
      "handle": "watson_group",
      "name": "A.S. Watson Group ",
      "medium_profile_picture": "https://profile-photos.hackerone-user-content.com/variants/i5eu11xw98k5xa3dmxyk5sfvoi45/f4a495c04fdb224bac8ec64587537e511aa8c4925e7955bee0a19e0ed7d891dc",
      "url": "https://hackerone.com/watson_group",
      "id": "Z2lkOi8vaGFja2Vyb25lL0VuZ2FnZW1lbnRzOjpCdWdCb3VudHlQcm9ncmFtLzQ4MzU0",
      "currency": "usd",
      "__typename": "Team"
    },
    "total_awarded_amount": null,
    "latest_disclosable_action": "Activities::ManuallyDisclosed",
    "latest_disclosable_activity_at": "2024-03-05T08:51:09.440Z",
    "submitted_at": "2023-10-30T21:12:45.883Z",
    "disclosed": true,
    "has_collaboration": false
  },
  {
    "__typename": "CompleteHacktivityReportDocument",
    "id": "Z2lkOi8vaGFja2Vyb25lL0NvbXBsZXRlSGFja3Rpdml0eVJlcG9ydEluZGV4LzIzODc2MDA=",
    "_id": "2387600",
    "reporter": {
      "id": "Z2lkOi8vaGFja2Vyb25lL1VzZXIvMzk5MjE5",
      "name": "ANDRI HU",
      "username": "deb0con",
      "__typename": "User"
    },
    "cve_ids": [
      "CVE-2022-21371"
    ],
    "cwe": null,
    "severity_rating": "High",
    "upvoted": null,
    "public": true,
    "report": {
      "id": "Z2lkOi8vaGFja2Vyb25lL1JlcG9ydC8yMzg3NjAw",
      "databaseId": "2387600",
      "title": "CVE-2022-21371:  Oracle WebLogic Server Local File Inclusion",
      "substate": "resolved",
      "url": "https://hackerone.com/reports/2387600",
      "disclosed_at": "2024-03-04T19:22:52.124Z",
      "report_generated_content": {
        "id": "Z2lkOi8vaGFja2Vyb25lL1JlcG9ydEdlbmVyYXRlZENvbnRlbnQvNzE5Ng==",
        "hacktivity_summary": "A local file inclusion vulnerability was identified in Oracle WebLogic Server that could allow an unauthenticated attacker to access sensitive data or take control of the server. The affected versions are 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0, and 14.1.1.0.0.",
        "__typename": "ReportGeneratedContent"
      },
      "__typename": "Report"
    },
    "votes": 26,
    "team": {
      "handle": "mars",
      "name": "Mars",
      "medium_profile_picture": "https://profile-photos.hackerone-user-content.com/variants/Ec9VTTzrRe3u3WK8g4EqRrrP/5136ed9b2fa7c4d4abbf39fb971047c62d98ec4740a88eb55d7e26373250a937",
      "url": "https://hackerone.com/mars",
      "id": "Z2lkOi8vaGFja2Vyb25lL0VuZ2FnZW1lbnRzOjpWdWxuZXJhYmlsaXR5RGlzY2xvc3VyZVByb2dyYW0vNTA1ODE=",
      "currency": "usd",
      "__typename": "Team"
    },
    "total_awarded_amount": null,
    "latest_disclosable_action": "Activities::ReportBecamePublic",
    "latest_disclosable_activity_at": "2024-03-04T19:22:52.222Z",
    "submitted_at": "2024-02-23T11:00:48.096Z",
    "disclosed": true,
    "has_collaboration": false
  },
  {
    "__typename": "CompleteHacktivityReportDocument",
    "id": "Z2lkOi8vaGFja2Vyb25lL0NvbXBsZXRlSGFja3Rpdml0eVJlcG9ydEluZGV4LzIyMzQ3MzY=",
    "_id": "2234736",
    "reporter": {
      "id": "Z2lkOi8vaGFja2Vyb25lL1VzZXIvMTg0NDM1OA==",
      "name": "Sushil Choudhary",
      "username": "0xchoudhary",
      "__typename": "User"
    },
    "cve_ids": [],
    "cwe": "Improper Access Control - Generic",
    "severity_rating": "Low",
    "upvoted": null,
    "public": true,
    "report": {
      "id": "Z2lkOi8vaGFja2Vyb25lL1JlcG9ydC8yMjM0NzM2",
      "databaseId": "2234736",
      "title": "Session Doesn't expire after 2fa and also other session can change passsword ",
      "substate": "resolved",
      "url": "https://hackerone.com/reports/2234736",
      "disclosed_at": "2024-03-02T17:43:09.917Z",
      "report_generated_content": {
        "id": "Z2lkOi8vaGFja2Vyb25lL1JlcG9ydEdlbmVyYXRlZENvbnRlbnQvNzE5MA==",
        "hacktivity_summary": "A vulnerability was found where user sessions were not terminated after two-factor authentication was enabled, allowing the password to be changed from an active session that did not have two-factor authentication enabled.",
        "__typename": "ReportGeneratedContent"
      },
      "__typename": "Report"
    },
    "votes": 64,
    "team": {
      "handle": "sidefx",
      "name": "SideFX",
      "medium_profile_picture": "https://hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com/variants/h7pk4347ap4x2wxyq1bdx1aykzgt/5136ed9b2fa7c4d4abbf39fb971047c62d98ec4740a88eb55d7e26373250a937?response-content-disposition=inline%3B%20filename%3D%22logo.png%22%3B%20filename%2A%3DUTF-8%27%27logo.png&response-content-type=image%2Fpng&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=ASIAQGK6FURQTSOVFBH5%2F20240410%2Fus-west-2%2Fs3%2Faws4_request&X-Amz-Date=20240410T153304Z&X-Amz-Expires=3600&X-Amz-Security-Token=IQoJb3JpZ2luX2VjEPb%2F%2F%2F%2F%2F%2F%2F%2F%2F%2FwEaCXVzLXdlc3QtMiJHMEUCIQCUfTvqiFox21djbCnq1cRHnthvTj5nBk7lIL%2FKPryGMQIgIJPK6%2FLwc0Kn3zPqrfNOJ0%2BQFKbICzqnn4WLfus1CQsqsQUILxADGgwwMTM2MTkyNzQ4NDkiDBCJrV22JBmKR2%2BuIyqOBc30crCr3%2FhHt0xB%2B%2Bd7gs9N6QHgLzAjGEmbI51GtIDng3E8WsshFRJCmOpusjTdeOrmYx8MkCwQKiT%2BTij2%2BgkbMqWjDjUFGtfS35JDHI60L4sbaRh52RIshsprdqqECuL4pvO%2F3Xh0%2FaZvVbemYi6p2Pdpz6hBGJoO7Sprqf3iqtRxw9Xyv967e6AaKgRP2Nzn6OBd5MGyVue5HYZUj4VYugiuKqMF%2Bv6R%2FpuXNLlTp6f9%2BlSBlk84ZHGwenk%2Bh7I6%2FEgmUZFXCd75%2FMIsfiRbWsVLC6xYbC0nfOE41EUGdwG1tx54nN%2B6QqpXrOqen3AOxid89v04JLFuFA47GwpCVkforsn%2FXbL7%2FXp422xjSSq%2BTVer0ccfBxe%2FQlldILo%2BbJuSqxspSHSPu8SRWy109JJsI6B1xtbNx0txnqGDjiEiIw98YoOQsxEaJ1rvaKsPGA5jBRA4XMHWZmvDW1WFqfHI1BXWXLRo3Mc%2FHvt0N8e9e3oARJnmQOUvdLuxVP0dMlrsFl0FnrqQkcwMKKtzCvy0UaR0zntDq82wKpFjA8%2FFM5nvi1cjac%2F2mZdjU0J4Nxpkhux68dUX8D%2FHHMwe01T8wH%2BYiNS%2FiTE%2FR2%2FD4ToDL7vUg37rSIgTircr02tHRDHyB5r2Wp7Wj3%2FXwgkEloTsFdg58jdzi3tN1olAPYTRAc6uddAypgCDXdDzicdkIWqA6F%2Bx4uNAWp55q98GJX6aZNjYqeIjJQqbiu1OpeZ6NeqbZEJHKPEw5KGhpEVwpn77VBJ4ZvC0CD5s1TiulZ9QaWgcAVYBfUEmJ8bmBIMna6cBSyvmayVoknpRVxr3Jerg9kst9xZEAfuubC4RTeCGQmSEosutZlNJAjDZqNqwBjqxAVD0QqvgFDTYXuEbREv4AQRfja4n72e1zeoG0xYrYJfZ%2BGtL%2FoX%2FZbaDhDL%2FygYLdrV8BkpsncUUQWS4gm5VsWk6KlKEkwk24TKrMFapqGf%2BuvNiOVI7GVOZRLS36Q1gWpYEXvwY5%2FlLopy%2FpEh9oEksO%2B2jkPdxZEimqH03SRoFNJgwrCEjLjxVL6pPjD7%2FusNDNG%2Fg53RLvajYRXirIik54cQc%2BOs8MkY%2BTFtbsqHdPw%3D%3D&X-Amz-SignedHeaders=host&X-Amz-Signature=ee50dbbf6b8817b9bb61bd976ecc8735445ec9092375b2e0903fae7c9acc7e7a",
      "url": "https://hackerone.com/sidefx",
      "id": "Z2lkOi8vaGFja2Vyb25lL0VuZ2FnZW1lbnRzOjpCdWdCb3VudHlQcm9ncmFtLzU1NTUy",
      "currency": "usd",
      "__typename": "Team"
    },
    "total_awarded_amount": 300,
    "latest_disclosable_action": "Activities::ReportBecamePublic",
    "latest_disclosable_activity_at": "2024-03-02T17:43:10.075Z",
    "submitted_at": "2023-11-01T06:29:49.420Z",
    "disclosed": true,
    "has_collaboration": false
  },
  {
    "__typename": "CompleteHacktivityReportDocument",
    "id": "Z2lkOi8vaGFja2Vyb25lL0NvbXBsZXRlSGFja3Rpdml0eVJlcG9ydEluZGV4LzE2OTQzMDQ=",
    "_id": "1694304",
    "reporter": {
      "id": "Z2lkOi8vaGFja2Vyb25lL1VzZXIvMzQzMTA1",
      "name": "Bugra Eskici",
      "username": "bugra",
      "__typename": "User"
    },
    "cve_ids": [],
    "cwe": "Improper Access Control - Generic",
    "severity_rating": "Medium",
    "upvoted": null,
    "public": true,
    "report": {
      "id": "Z2lkOi8vaGFja2Vyb25lL1JlcG9ydC8xNjk0MzA0",
      "databaseId": "1694304",
      "title": "Able to see Twitter Circle tweets due to improper access control on the \"FavoriteTweet\" endpoint",
      "substate": "resolved",
      "url": "https://hackerone.com/reports/1694304",
      "disclosed_at": "2024-03-01T22:41:27.301Z",
      "report_generated_content": {
        "id": "Z2lkOi8vaGFja2Vyb25lL1JlcG9ydEdlbmVyYXRlZENvbnRlbnQvNzE4OQ==",
        "hacktivity_summary": "An attacker was able to view private Twitter Circle posts by liking them through the /FavoriteTweet endpoint and then downloading their Twitter data archive, which contained the full content of the liked posts.",
        "__typename": "ReportGeneratedContent"
      },
      "__typename": "Report"
    },
    "votes": 62,
    "team": {
      "handle": "x",
      "name": "X (Formerly Twitter)",
      "medium_profile_picture": "https://profile-photos.hackerone-user-content.com/variants/ikx4ept298unt534kpz4am2bd4zs/f4a495c04fdb224bac8ec64587537e511aa8c4925e7955bee0a19e0ed7d891dc",
      "url": "https://hackerone.com/x",
      "id": "Z2lkOi8vaGFja2Vyb25lL0VuZ2FnZW1lbnRzOjpCdWdCb3VudHlQcm9ncmFtLzYx",
      "currency": "usd",
      "__typename": "Team"
    },
    "total_awarded_amount": null,
    "latest_disclosable_action": "Activities::ReportBecamePublic",
    "latest_disclosable_activity_at": "2024-03-01T22:41:27.398Z",
    "submitted_at": "2022-09-08T05:23:11.525Z",
    "disclosed": true,
    "has_collaboration": false
  },
  {
    "__typename": "CompleteHacktivityReportDocument",
    "id": "Z2lkOi8vaGFja2Vyb25lL0NvbXBsZXRlSGFja3Rpdml0eVJlcG9ydEluZGV4LzIzMzgyODU=",
    "_id": "2338285",
    "reporter": {
      "id": "Z2lkOi8vaGFja2Vyb25lL1VzZXIvMTMxNDU3Nw==",
      "name": "Nightmare",
      "username": "nightm4re",
      "__typename": "User"
    },
    "cve_ids": [],
    "cwe": "Cross-site Scripting (XSS) - Reflected",
    "severity_rating": "Medium",
    "upvoted": null,
    "public": true,
    "report": {
      "id": "Z2lkOi8vaGFja2Vyb25lL1JlcG9ydC8yMzM4Mjg1",
      "databaseId": "2338285",
      "title": "XSS Refelected on jazz.net",
      "substate": "resolved",
      "url": "https://hackerone.com/reports/2338285",
      "disclosed_at": "2024-02-29T15:31:36.675Z",
      "report_generated_content": {
        "id": "Z2lkOi8vaGFja2Vyb25lL1JlcG9ydEdlbmVyYXRlZENvbnRlbnQvNzE4OA==",
        "hacktivity_summary": "A cross-site scripting vulnerability was reported on jazz.net. The issue was analyzed and remediated by IBM.",
        "__typename": "ReportGeneratedContent"
      },
      "__typename": "Report"
    },
    "votes": 60,
    "team": {
      "handle": "ibm",
      "name": "IBM",
      "medium_profile_picture": "https://profile-photos.hackerone-user-content.com/variants/000/002/060/c9c3633edc1081446038c76237344b51696334da_original.jpg/f4a495c04fdb224bac8ec64587537e511aa8c4925e7955bee0a19e0ed7d891dc",
      "url": "https://hackerone.com/ibm",
      "id": "Z2lkOi8vaGFja2Vyb25lL0VuZ2FnZW1lbnRzOjpWdWxuZXJhYmlsaXR5RGlzY2xvc3VyZVByb2dyYW0vMjA2MA==",
      "currency": "usd",
      "__typename": "Team"
    },
    "total_awarded_amount": null,
    "latest_disclosable_action": "Activities::ReportBecamePublic",
    "latest_disclosable_activity_at": "2024-02-29T15:31:36.768Z",
    "submitted_at": "2024-01-29T04:32:38.612Z",
    "disclosed": true,
    "has_collaboration": false
  },
  {
    "__typename": "CompleteHacktivityReportDocument",
    "id": "Z2lkOi8vaGFja2Vyb25lL0NvbXBsZXRlSGFja3Rpdml0eVJlcG9ydEluZGV4LzIyOTIyMzY=",
    "_id": "2292236",
    "reporter": {
      "id": "Z2lkOi8vaGFja2Vyb25lL1VzZXIvMjUxNDQ4NQ==",
      "name": "",
      "username": "nepalihacker0x01",
      "__typename": "User"
    },
    "cve_ids": [],
    "cwe": "Improper Authentication - Generic",
    "severity_rating": "Medium",
    "upvoted": null,
    "public": true,
    "report": {
      "id": "Z2lkOi8vaGFja2Vyb25lL1JlcG9ydC8yMjkyMjM2",
      "databaseId": "2292236",
      "title": "Improper Authentication on Alertmanager instance",
      "substate": "resolved",
      "url": "https://hackerone.com/reports/2292236",
      "disclosed_at": "2024-02-29T15:25:32.581Z",
      "report_generated_content": {
        "id": "Z2lkOi8vaGFja2Vyb25lL1JlcG9ydEdlbmVyYXRlZENvbnRlbnQvNzE4Nw==",
        "hacktivity_summary": "Improper authentication was configured on an alertmanager instance. The issue was reported to IBM, analyzed, and remediated.",
        "__typename": "ReportGeneratedContent"
      },
      "__typename": "Report"
    },
    "votes": 30,
    "team": {
      "handle": "ibm",
      "name": "IBM",
      "medium_profile_picture": "https://profile-photos.hackerone-user-content.com/variants/000/002/060/c9c3633edc1081446038c76237344b51696334da_original.jpg/f4a495c04fdb224bac8ec64587537e511aa8c4925e7955bee0a19e0ed7d891dc",
      "url": "https://hackerone.com/ibm",
      "id": "Z2lkOi8vaGFja2Vyb25lL0VuZ2FnZW1lbnRzOjpWdWxuZXJhYmlsaXR5RGlzY2xvc3VyZVByb2dyYW0vMjA2MA==",
      "currency": "usd",
      "__typename": "Team"
    },
    "total_awarded_amount": null,
    "latest_disclosable_action": "Activities::ReportBecamePublic",
    "latest_disclosable_activity_at": "2024-02-29T15:25:32.645Z",
    "submitted_at": "2023-12-20T02:25:14.625Z",
    "disclosed": true,
    "has_collaboration": false
  },
  {
    "__typename": "CompleteHacktivityReportDocument",
    "id": "Z2lkOi8vaGFja2Vyb25lL0NvbXBsZXRlSGFja3Rpdml0eVJlcG9ydEluZGV4LzIxMzkwNDc=",
    "_id": "2139047",
    "reporter": {
      "id": "Z2lkOi8vaGFja2Vyb25lL1VzZXIvMjM1NTExOA==",
      "name": "bugoverflow",
      "username": "bugoverflow",
      "__typename": "User"
    },
    "cve_ids": [],
    "cwe": "Improper Authentication - Generic",
    "severity_rating": "High",
    "upvoted": null,
    "public": true,
    "report": {
      "id": "Z2lkOi8vaGFja2Vyb25lL1JlcG9ydC8yMTM5MDQ3",
      "databaseId": "2139047",
      "title": "Jenkins server access due to weak password",
      "substate": "resolved",
      "url": "https://hackerone.com/reports/2139047",
      "disclosed_at": "2024-02-29T15:18:43.837Z",
      "report_generated_content": {
        "id": "Z2lkOi8vaGFja2Vyb25lL1JlcG9ydEdlbmVyYXRlZENvbnRlbnQvNzE4Ng==",
        "hacktivity_summary": "Jenkins server access was gained due to a weak password. The issue was reported to IBM, analyzed, and remediated.",
        "__typename": "ReportGeneratedContent"
      },
      "__typename": "Report"
    },
    "votes": 33,
    "team": {
      "handle": "ibm",
      "name": "IBM",
      "medium_profile_picture": "https://profile-photos.hackerone-user-content.com/variants/000/002/060/c9c3633edc1081446038c76237344b51696334da_original.jpg/f4a495c04fdb224bac8ec64587537e511aa8c4925e7955bee0a19e0ed7d891dc",
      "url": "https://hackerone.com/ibm",
      "id": "Z2lkOi8vaGFja2Vyb25lL0VuZ2FnZW1lbnRzOjpWdWxuZXJhYmlsaXR5RGlzY2xvc3VyZVByb2dyYW0vMjA2MA==",
      "currency": "usd",
      "__typename": "Team"
    },
    "total_awarded_amount": null,
    "latest_disclosable_action": "Activities::ReportBecamePublic",
    "latest_disclosable_activity_at": "2024-02-29T15:18:43.929Z",
    "submitted_at": "2023-09-07T02:33:06.216Z",
    "disclosed": true,
    "has_collaboration": false
  },
  {
    "__typename": "CompleteHacktivityReportDocument",
    "id": "Z2lkOi8vaGFja2Vyb25lL0NvbXBsZXRlSGFja3Rpdml0eVJlcG9ydEluZGV4LzIyOTM3MzE=",
    "_id": "2293731",
    "reporter": {
      "id": "Z2lkOi8vaGFja2Vyb25lL1VzZXIvMjkwNTQwNg==",
      "name": "vx01",
      "username": "vx01",
      "__typename": "User"
    },
    "cve_ids": [
      "CVE-2023-6004"
    ],
    "cwe": "Code Injection",
    "severity_rating": "Low",
    "upvoted": null,
    "public": true,
    "report": {
      "id": "Z2lkOi8vaGFja2Vyb25lL1JlcG9ydC8yMjkzNzMx",
      "databaseId": "2293731",
      "title": "Command Injection using malicious hostname in expanded proxycommand",
      "substate": "resolved",
      "url": "https://hackerone.com/reports/2293731",
      "disclosed_at": "2024-02-28T16:28:01.972Z",
      "report_generated_content": {
        "id": "Z2lkOi8vaGFja2Vyb25lL1JlcG9ydEdlbmVyYXRlZENvbnRlbnQvNzE4Mw==",
        "hacktivity_summary": "A vulnerability in the handling of ProxyCommand and ProxyJump hostname parameters in libssh versions 0.10.x, 0.9.x and 0.8.x was reported. The issue enables malicious code injection through unchecked hostname syntax. User interaction is required for exploitation.",
        "__typename": "ReportGeneratedContent"
      },
      "__typename": "Report"
    },
    "votes": 34,
    "team": {
      "handle": "ibb",
      "name": "Internet Bug Bounty",
      "medium_profile_picture": "https://hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com/variants/v0qywgoh5hm4cbhuanu8mqdtowhr/5136ed9b2fa7c4d4abbf39fb971047c62d98ec4740a88eb55d7e26373250a937?response-content-disposition=inline%3B%20filename%3D%22ibb%20revision%205%20copy.png%22%3B%20filename%2A%3DUTF-8%27%27ibb%2520revision%25205%2520copy.png&response-content-type=image%2Fpng&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=ASIAQGK6FURQTSOVFBH5%2F20240410%2Fus-west-2%2Fs3%2Faws4_request&X-Amz-Date=20240410T153304Z&X-Amz-Expires=3600&X-Amz-Security-Token=IQoJb3JpZ2luX2VjEPb%2F%2F%2F%2F%2F%2F%2F%2F%2F%2FwEaCXVzLXdlc3QtMiJHMEUCIQCUfTvqiFox21djbCnq1cRHnthvTj5nBk7lIL%2FKPryGMQIgIJPK6%2FLwc0Kn3zPqrfNOJ0%2BQFKbICzqnn4WLfus1CQsqsQUILxADGgwwMTM2MTkyNzQ4NDkiDBCJrV22JBmKR2%2BuIyqOBc30crCr3%2FhHt0xB%2B%2Bd7gs9N6QHgLzAjGEmbI51GtIDng3E8WsshFRJCmOpusjTdeOrmYx8MkCwQKiT%2BTij2%2BgkbMqWjDjUFGtfS35JDHI60L4sbaRh52RIshsprdqqECuL4pvO%2F3Xh0%2FaZvVbemYi6p2Pdpz6hBGJoO7Sprqf3iqtRxw9Xyv967e6AaKgRP2Nzn6OBd5MGyVue5HYZUj4VYugiuKqMF%2Bv6R%2FpuXNLlTp6f9%2BlSBlk84ZHGwenk%2Bh7I6%2FEgmUZFXCd75%2FMIsfiRbWsVLC6xYbC0nfOE41EUGdwG1tx54nN%2B6QqpXrOqen3AOxid89v04JLFuFA47GwpCVkforsn%2FXbL7%2FXp422xjSSq%2BTVer0ccfBxe%2FQlldILo%2BbJuSqxspSHSPu8SRWy109JJsI6B1xtbNx0txnqGDjiEiIw98YoOQsxEaJ1rvaKsPGA5jBRA4XMHWZmvDW1WFqfHI1BXWXLRo3Mc%2FHvt0N8e9e3oARJnmQOUvdLuxVP0dMlrsFl0FnrqQkcwMKKtzCvy0UaR0zntDq82wKpFjA8%2FFM5nvi1cjac%2F2mZdjU0J4Nxpkhux68dUX8D%2FHHMwe01T8wH%2BYiNS%2FiTE%2FR2%2FD4ToDL7vUg37rSIgTircr02tHRDHyB5r2Wp7Wj3%2FXwgkEloTsFdg58jdzi3tN1olAPYTRAc6uddAypgCDXdDzicdkIWqA6F%2Bx4uNAWp55q98GJX6aZNjYqeIjJQqbiu1OpeZ6NeqbZEJHKPEw5KGhpEVwpn77VBJ4ZvC0CD5s1TiulZ9QaWgcAVYBfUEmJ8bmBIMna6cBSyvmayVoknpRVxr3Jerg9kst9xZEAfuubC4RTeCGQmSEosutZlNJAjDZqNqwBjqxAVD0QqvgFDTYXuEbREv4AQRfja4n72e1zeoG0xYrYJfZ%2BGtL%2FoX%2FZbaDhDL%2FygYLdrV8BkpsncUUQWS4gm5VsWk6KlKEkwk24TKrMFapqGf%2BuvNiOVI7GVOZRLS36Q1gWpYEXvwY5%2FlLopy%2FpEh9oEksO%2B2jkPdxZEimqH03SRoFNJgwrCEjLjxVL6pPjD7%2FusNDNG%2Fg53RLvajYRXirIik54cQc%2BOs8MkY%2BTFtbsqHdPw%3D%3D&X-Amz-SignedHeaders=host&X-Amz-Signature=656a04e24b81c0f7e2715daea77f8f16688e2d275540f4eb8057300f0fb8b23a",
      "url": "https://hackerone.com/ibb",
      "id": "Z2lkOi8vaGFja2Vyb25lL0VuZ2FnZW1lbnRzOjpCdWdCb3VudHlQcm9ncmFtLzU0MzQ5",
      "currency": "usd",
      "__typename": "Team"
    },
    "total_awarded_amount": 540,
    "latest_disclosable_action": "Activities::ReportBecamePublic",
    "latest_disclosable_activity_at": "2024-02-28T16:28:02.099Z",
    "submitted_at": "2023-12-20T22:05:47.557Z",
    "disclosed": true,
    "has_collaboration": false
  },
  {
    "__typename": "CompleteHacktivityReportDocument",
    "id": "Z2lkOi8vaGFja2Vyb25lL0NvbXBsZXRlSGFja3Rpdml0eVJlcG9ydEluZGV4LzIyMTI5NTA=",
    "_id": "2212950",
    "reporter": {
      "id": "Z2lkOi8vaGFja2Vyb25lL1VzZXIvMTg2MDE0Nw==",
      "name": "Dom G",
      "username": "domg",
      "__typename": "User"
    },
    "cve_ids": [],
    "cwe": "Cross-site Scripting (XSS) - Stored",
    "severity_rating": "Critical",
    "upvoted": null,
    "public": true,
    "report": {
      "id": "Z2lkOi8vaGFja2Vyb25lL1JlcG9ydC8yMjEyOTUw",
      "databaseId": "2212950",
      "title": "Stored XSS on LinkedIn App via iframe tag in Article",
      "substate": "resolved",
      "url": "https://hackerone.com/reports/2212950",
      "disclosed_at": "2024-02-28T07:00:21.300Z",
      "report_generated_content": {
        "id": "Z2lkOi8vaGFja2Vyb25lL1JlcG9ydEdlbmVyYXRlZENvbnRlbnQvNzE4Mg==",
        "hacktivity_summary": "A stored cross-site scripting vulnerability was found in the LinkedIn mobile application that allowed JavaScript code to be executed when viewing specially crafted articles containing iframe tags. The issue was resolved after receiving the report.",
        "__typename": "ReportGeneratedContent"
      },
      "__typename": "Report"
    },
    "votes": 77,
    "team": {
      "handle": "linkedin",
      "name": "LinkedIn",
      "medium_profile_picture": "https://profile-photos.hackerone-user-content.com/variants/000/000/058/3aaa858b18e9807c5c1fea0c559156568a6647cc_original.png/5136ed9b2fa7c4d4abbf39fb971047c62d98ec4740a88eb55d7e26373250a937",
      "url": "https://hackerone.com/linkedin",
      "id": "Z2lkOi8vaGFja2Vyb25lL0VuZ2FnZW1lbnRzOjpCdWdCb3VudHlQcm9ncmFtLzU4",
      "currency": "usd",
      "__typename": "Team"
    },
    "total_awarded_amount": null,
    "latest_disclosable_action": "Activities::ReportBecamePublic",
    "latest_disclosable_activity_at": "2024-02-28T07:00:21.378Z",
    "submitted_at": "2023-10-17T11:52:05.494Z",
    "disclosed": true,
    "has_collaboration": false
  },
  {
    "__typename": "CompleteHacktivityReportDocument",
    "id": "Z2lkOi8vaGFja2Vyb25lL0NvbXBsZXRlSGFja3Rpdml0eVJlcG9ydEluZGV4LzE0NDgyMTg=",
    "_id": "1448218",
    "reporter": {
      "id": "Z2lkOi8vaGFja2Vyb25lL1VzZXIvNzcwOTAz",
      "name": "Sanam Dhar",
      "username": "asce21",
      "__typename": "User"
    },
    "cve_ids": [],
    "cwe": null,
    "severity_rating": "Low",
    "upvoted": null,
    "public": true,
    "report": {
      "id": "Z2lkOi8vaGFja2Vyb25lL1JlcG9ydC8xNDQ4MjE4",
      "databaseId": "1448218",
      "title": "Sensitive information disclosure on grafana",
      "substate": "resolved",
      "url": "https://hackerone.com/reports/1448218",
      "disclosed_at": "2024-02-26T22:02:26.158Z",
      "report_generated_content": {
        "id": "Z2lkOi8vaGFja2Vyb25lL1JlcG9ydEdlbmVyYXRlZENvbnRlbnQvNzE3OA==",
        "hacktivity_summary": "Sensitive information was disclosed through publicly accessible Grafana metrics, SAP public info endpoints, and an AWS bucket listing.",
        "__typename": "ReportGeneratedContent"
      },
      "__typename": "Report"
    },
    "votes": 38,
    "team": {
      "handle": "jetblue",
      "name": "JetBlue",
      "medium_profile_picture": "https://hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com/variants/eiju9dfg778nf9kfbg44szgio191/5136ed9b2fa7c4d4abbf39fb971047c62d98ec4740a88eb55d7e26373250a937?response-content-disposition=inline%3B%20filename%3D%22logo.png%22%3B%20filename%2A%3DUTF-8%27%27logo.png&response-content-type=image%2Fpng&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=ASIAQGK6FURQTSOVFBH5%2F20240410%2Fus-west-2%2Fs3%2Faws4_request&X-Amz-Date=20240410T153304Z&X-Amz-Expires=3600&X-Amz-Security-Token=IQoJb3JpZ2luX2VjEPb%2F%2F%2F%2F%2F%2F%2F%2F%2F%2FwEaCXVzLXdlc3QtMiJHMEUCIQCUfTvqiFox21djbCnq1cRHnthvTj5nBk7lIL%2FKPryGMQIgIJPK6%2FLwc0Kn3zPqrfNOJ0%2BQFKbICzqnn4WLfus1CQsqsQUILxADGgwwMTM2MTkyNzQ4NDkiDBCJrV22JBmKR2%2BuIyqOBc30crCr3%2FhHt0xB%2B%2Bd7gs9N6QHgLzAjGEmbI51GtIDng3E8WsshFRJCmOpusjTdeOrmYx8MkCwQKiT%2BTij2%2BgkbMqWjDjUFGtfS35JDHI60L4sbaRh52RIshsprdqqECuL4pvO%2F3Xh0%2FaZvVbemYi6p2Pdpz6hBGJoO7Sprqf3iqtRxw9Xyv967e6AaKgRP2Nzn6OBd5MGyVue5HYZUj4VYugiuKqMF%2Bv6R%2FpuXNLlTp6f9%2BlSBlk84ZHGwenk%2Bh7I6%2FEgmUZFXCd75%2FMIsfiRbWsVLC6xYbC0nfOE41EUGdwG1tx54nN%2B6QqpXrOqen3AOxid89v04JLFuFA47GwpCVkforsn%2FXbL7%2FXp422xjSSq%2BTVer0ccfBxe%2FQlldILo%2BbJuSqxspSHSPu8SRWy109JJsI6B1xtbNx0txnqGDjiEiIw98YoOQsxEaJ1rvaKsPGA5jBRA4XMHWZmvDW1WFqfHI1BXWXLRo3Mc%2FHvt0N8e9e3oARJnmQOUvdLuxVP0dMlrsFl0FnrqQkcwMKKtzCvy0UaR0zntDq82wKpFjA8%2FFM5nvi1cjac%2F2mZdjU0J4Nxpkhux68dUX8D%2FHHMwe01T8wH%2BYiNS%2FiTE%2FR2%2FD4ToDL7vUg37rSIgTircr02tHRDHyB5r2Wp7Wj3%2FXwgkEloTsFdg58jdzi3tN1olAPYTRAc6uddAypgCDXdDzicdkIWqA6F%2Bx4uNAWp55q98GJX6aZNjYqeIjJQqbiu1OpeZ6NeqbZEJHKPEw5KGhpEVwpn77VBJ4ZvC0CD5s1TiulZ9QaWgcAVYBfUEmJ8bmBIMna6cBSyvmayVoknpRVxr3Jerg9kst9xZEAfuubC4RTeCGQmSEosutZlNJAjDZqNqwBjqxAVD0QqvgFDTYXuEbREv4AQRfja4n72e1zeoG0xYrYJfZ%2BGtL%2FoX%2FZbaDhDL%2FygYLdrV8BkpsncUUQWS4gm5VsWk6KlKEkwk24TKrMFapqGf%2BuvNiOVI7GVOZRLS36Q1gWpYEXvwY5%2FlLopy%2FpEh9oEksO%2B2jkPdxZEimqH03SRoFNJgwrCEjLjxVL6pPjD7%2FusNDNG%2Fg53RLvajYRXirIik54cQc%2BOs8MkY%2BTFtbsqHdPw%3D%3D&X-Amz-SignedHeaders=host&X-Amz-Signature=a39e4c4d5efea59cafaaec26ba8690dfe2aae870a79fb9084f36955f717d6837",
      "url": "https://hackerone.com/jetblue",
      "id": "Z2lkOi8vaGFja2Vyb25lL0VuZ2FnZW1lbnRzOjpWdWxuZXJhYmlsaXR5RGlzY2xvc3VyZVByb2dyYW0vNTE2ODI=",
      "currency": "usd",
      "__typename": "Team"
    },
    "total_awarded_amount": null,
    "latest_disclosable_action": "Activities::ReportBecamePublic",
    "latest_disclosable_activity_at": "2024-02-26T22:02:26.240Z",
    "submitted_at": "2022-01-12T20:27:44.106Z",
    "disclosed": true,
    "has_collaboration": false
  },
  {
    "__typename": "CompleteHacktivityReportDocument",
    "id": "Z2lkOi8vaGFja2Vyb25lL0NvbXBsZXRlSGFja3Rpdml0eVJlcG9ydEluZGV4LzIzNzEwMTk=",
    "_id": "2371019",
    "reporter": {
      "id": "Z2lkOi8vaGFja2Vyb25lL1VzZXIvMjAxMzg5",
      "name": "René de Sain",
      "username": "renniepak",
      "__typename": "User"
    },
    "cve_ids": [],
    "cwe": "Cross-site Scripting (XSS) - DOM",
    "severity_rating": "High",
    "upvoted": null,
    "public": true,
    "report": {
      "id": "Z2lkOi8vaGFja2Vyb25lL1JlcG9ydC8yMzcxMDE5",
      "databaseId": "2371019",
      "title": "DOM XSS on multiple Automattic domains through postMessages",
      "substate": "resolved",
      "url": "https://hackerone.com/reports/2371019",
      "disclosed_at": "2024-02-26T08:24:28.416Z",
      "report_generated_content": {
        "id": "Z2lkOi8vaGFja2Vyb25lL1JlcG9ydEdlbmVyYXRlZENvbnRlbnQvNzE3Nw==",
        "hacktivity_summary": "A DOM XSS vulnerability was found on widgets.wp.com allowing injection of scripts into the DOM. This was combined with a vulnerability in the Jetpack WordPress plugin where postMessages from widgets.wp.com were used to populate avatar URLs without validation, leading to DOM XSS on WordPress sites using the Likes feature. Over 100,000 websites were affected. Input validation and output encoding was recommended to mitigate the vulnerabilities.",
        "__typename": "ReportGeneratedContent"
      },
      "__typename": "Report"
    },
    "votes": 69,
    "team": {
      "handle": "automattic",
      "name": "Automattic",
      "medium_profile_picture": "https://profile-photos.hackerone-user-content.com/variants/000/000/111/7f89e1ea233f92916202521a069fdbfe9eced339_original.png/5136ed9b2fa7c4d4abbf39fb971047c62d98ec4740a88eb55d7e26373250a937",
      "url": "https://hackerone.com/automattic",
      "id": "Z2lkOi8vaGFja2Vyb25lL0VuZ2FnZW1lbnRzOjpCdWdCb3VudHlQcm9ncmFtLzExMQ==",
      "currency": "usd",
      "__typename": "Team"
    },
    "total_awarded_amount": null,
    "latest_disclosable_action": "Activities::ReportBecamePublic",
    "latest_disclosable_activity_at": "2024-02-26T08:24:28.507Z",
    "submitted_at": "2024-02-12T11:08:21.025Z",
    "disclosed": true,
    "has_collaboration": false
  },
  {
    "__typename": "CompleteHacktivityReportDocument",
    "id": "Z2lkOi8vaGFja2Vyb25lL0NvbXBsZXRlSGFja3Rpdml0eVJlcG9ydEluZGV4LzIzODc0NTg=",
    "_id": "2387458",
    "reporter": {
      "id": "Z2lkOi8vaGFja2Vyb25lL1VzZXIvMjU0NTg3Nw==",
      "name": "Priyanshu Sharma",
      "username": "priyanshusharma9789",
      "__typename": "User"
    },
    "cve_ids": [],
    "cwe": "Business Logic Errors",
    "severity_rating": "High",
    "upvoted": null,
    "public": true,
    "report": {
      "id": "Z2lkOi8vaGFja2Vyb25lL1JlcG9ydC8yMzg3NDU4",
      "databaseId": "2387458",
      "title": "CSP Bypass and escalation of https://hackerone.com/reports/2279346",
      "substate": "not-applicable",
      "url": "https://hackerone.com/reports/2387458",
      "disclosed_at": "2024-02-23T15:39:07.043Z",
      "report_generated_content": null,
      "__typename": "Report"
    },
    "votes": 36,
    "team": {
      "handle": "portswigger",
      "name": "PortSwigger Web Security",
      "medium_profile_picture": "https://profile-photos.hackerone-user-content.com/variants/000/015/252/60e8778f4f1fee57ea2b164a7d2ec1e2d2dd7bc8_original./5136ed9b2fa7c4d4abbf39fb971047c62d98ec4740a88eb55d7e26373250a937",
      "url": "https://hackerone.com/portswigger",
      "id": "Z2lkOi8vaGFja2Vyb25lL0VuZ2FnZW1lbnRzOjpCdWdCb3VudHlQcm9ncmFtLzE1MjUy",
      "currency": "usd",
      "__typename": "Team"
    },
    "total_awarded_amount": null,
    "latest_disclosable_action": "Activities::ReportBecamePublic",
    "latest_disclosable_activity_at": "2024-02-23T15:39:07.114Z",
    "submitted_at": "2024-02-23T05:22:01.104Z",
    "disclosed": true,
    "has_collaboration": false
  },
  {
    "__typename": "CompleteHacktivityReportDocument",
    "id": "Z2lkOi8vaGFja2Vyb25lL0NvbXBsZXRlSGFja3Rpdml0eVJlcG9ydEluZGV4LzE1NzA4NzQ=",
    "_id": "1570874",
    "reporter": {
      "id": "Z2lkOi8vaGFja2Vyb25lL1VzZXIvNTY5NDU2",
      "name": "RyotaK",
      "username": "ryotak",
      "__typename": "User"
    },
    "cve_ids": [],
    "cwe": null,
    "severity_rating": "Medium",
    "upvoted": null,
    "public": true,
    "report": {
      "id": "Z2lkOi8vaGFja2Vyb25lL1JlcG9ydC8xNTcwODc0",
      "databaseId": "1570874",
      "title": "Arbitrary file read from Cloudflare Pages build environment",
      "substate": "resolved",
      "url": "https://hackerone.com/reports/1570874",
      "disclosed_at": "2024-02-23T02:03:32.191Z",
      "report_generated_content": {
        "id": "Z2lkOi8vaGFja2Vyb25lL1JlcG9ydEdlbmVyYXRlZENvbnRlbnQvNzE3NQ==",
        "hacktivity_summary": "A vulnerability in Cloudflare Pages allowed attackers to escalate privileges during the build process, enabling arbitrary file reads. Cloudflare implemented more restrictive input validation on the redirects and headers feature to resolve the issue. The build environment is scoped to each Pages project, limiting exposure.",
        "__typename": "ReportGeneratedContent"
      },
      "__typename": "Report"
    },
    "votes": 33,
    "team": {
      "handle": "cloudflare",
      "name": "Cloudflare Public Bug Bounty",
      "medium_profile_picture": "https://profile-photos.hackerone-user-content.com/variants/000/000/041/a819f0d518a4854df667be26210167805f38a6a4_original.png/5136ed9b2fa7c4d4abbf39fb971047c62d98ec4740a88eb55d7e26373250a937",
      "url": "https://hackerone.com/cloudflare",
      "id": "Z2lkOi8vaGFja2Vyb25lL0VuZ2FnZW1lbnRzOjpCdWdCb3VudHlQcm9ncmFtLzQx",
      "currency": "usd",
      "__typename": "Team"
    },
    "total_awarded_amount": null,
    "latest_disclosable_action": "Activities::ReportBecamePublic",
    "latest_disclosable_activity_at": "2024-02-23T02:03:32.275Z",
    "submitted_at": "2022-05-15T12:12:27.620Z",
    "disclosed": true,
    "has_collaboration": true
  },
  {
    "__typename": "CompleteHacktivityReportDocument",
    "id": "Z2lkOi8vaGFja2Vyb25lL0NvbXBsZXRlSGFja3Rpdml0eVJlcG9ydEluZGV4LzE4NDEwNjQ=",
    "_id": "1841064",
    "reporter": {
      "id": "Z2lkOi8vaGFja2Vyb25lL1VzZXIvMzk0NDky",
      "name": "",
      "username": "alp",
      "__typename": "User"
    },
    "cve_ids": [],
    "cwe": "Business Logic Errors",
    "severity_rating": "Medium",
    "upvoted": null,
    "public": true,
    "report": {
      "id": "Z2lkOi8vaGFja2Vyb25lL1JlcG9ydC8xODQxMDY0",
      "databaseId": "1841064",
      "title": "Ability to getting Twitter Blue verified badge without purchase it",
      "substate": "duplicate",
      "url": "https://hackerone.com/reports/1841064",
      "disclosed_at": "2024-02-22T21:13:19.894Z",
      "report_generated_content": null,
      "__typename": "Report"
    },
    "votes": 57,
    "team": {
      "handle": "x",
      "name": "X (Formerly Twitter)",
      "medium_profile_picture": "https://profile-photos.hackerone-user-content.com/variants/ikx4ept298unt534kpz4am2bd4zs/f4a495c04fdb224bac8ec64587537e511aa8c4925e7955bee0a19e0ed7d891dc",
      "url": "https://hackerone.com/x",
      "id": "Z2lkOi8vaGFja2Vyb25lL0VuZ2FnZW1lbnRzOjpCdWdCb3VudHlQcm9ncmFtLzYx",
      "currency": "usd",
      "__typename": "Team"
    },
    "total_awarded_amount": null,
    "latest_disclosable_action": "Activities::ReportBecamePublic",
    "latest_disclosable_activity_at": "2024-02-22T21:13:19.994Z",
    "submitted_at": "2023-01-20T00:58:13.663Z",
    "disclosed": true,
    "has_collaboration": false
  },
  {
    "__typename": "CompleteHacktivityReportDocument",
    "id": "Z2lkOi8vaGFja2Vyb25lL0NvbXBsZXRlSGFja3Rpdml0eVJlcG9ydEluZGV4LzIyOTk1Mjk=",
    "_id": "2299529",
    "reporter": {
      "id": "Z2lkOi8vaGFja2Vyb25lL1VzZXIvMjQ0MTA1OA==",
      "name": "Ali Jaafer",
      "username": "a77w3",
      "__typename": "User"
    },
    "cve_ids": [],
    "cwe": "Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)",
    "severity_rating": "Low",
    "upvoted": null,
    "public": true,
    "report": {
      "id": "Z2lkOi8vaGFja2Vyb25lL1JlcG9ydC8yMjk5NTI5",
      "databaseId": "2299529",
      "title": "HTML Injection on TikTok Ads",
      "substate": "resolved",
      "url": "https://hackerone.com/reports/2299529",
      "disclosed_at": "2024-02-20T23:46:41.205Z",
      "report_generated_content": {
        "id": "Z2lkOi8vaGFja2Vyb25lL1JlcG9ydEdlbmVyYXRlZENvbnRlbnQvNzE3NA==",
        "hacktivity_summary": "A HTML injection vulnerability was found in a TikTok Ads endpoint. The vulnerability could have allowed arbitrary HTML or phishing content to be injected. The issue was responsibly disclosed.",
        "__typename": "ReportGeneratedContent"
      },
      "__typename": "Report"
    },
    "votes": 110,
    "team": {
      "handle": "tiktok",
      "name": "TikTok",
      "medium_profile_picture": "https://profile-photos.hackerone-user-content.com/variants/roYPkZznCDFmy4VGkFPnbDrc/5136ed9b2fa7c4d4abbf39fb971047c62d98ec4740a88eb55d7e26373250a937",
      "url": "https://hackerone.com/tiktok",
      "id": "Z2lkOi8vaGFja2Vyb25lL0VuZ2FnZW1lbnRzOjpCdWdCb3VudHlQcm9ncmFtLzQ5NzA4",
      "currency": "usd",
      "__typename": "Team"
    },
    "total_awarded_amount": 250,
    "latest_disclosable_action": "Activities::ReportBecamePublic",
    "latest_disclosable_activity_at": "2024-02-20T23:46:41.264Z",
    "submitted_at": "2023-12-30T02:02:39.006Z",
    "disclosed": true,
    "has_collaboration": false
  },
  {
    "__typename": "CompleteHacktivityReportDocument",
    "id": "Z2lkOi8vaGFja2Vyb25lL0NvbXBsZXRlSGFja3Rpdml0eVJlcG9ydEluZGV4LzIzNTc3Nzg=",
    "_id": "2357778",
    "reporter": {
      "id": "Z2lkOi8vaGFja2Vyb25lL1VzZXIvMTYyNzU2MQ==",
      "name": "Manash Saikia",
      "username": "xplo1t",
      "__typename": "User"
    },
    "cve_ids": [],
    "cwe": "Unrestricted Upload of File with Dangerous Type",
    "severity_rating": "Critical",
    "upvoted": null,
    "public": true,
    "report": {
      "id": "Z2lkOi8vaGFja2Vyb25lL1JlcG9ydC8yMzU3Nzc4",
      "databaseId": "2357778",
      "title": "Unrestricted File Upload at ██████████",
      "substate": "resolved",
      "url": "https://hackerone.com/reports/2357778",
      "disclosed_at": "2024-02-19T14:34:21.049Z",
      "report_generated_content": {
        "id": "Z2lkOi8vaGFja2Vyb25lL1JlcG9ydEdlbmVyYXRlZENvbnRlbnQvNzE3MQ==",
        "hacktivity_summary": "The endpoint enabled unrestricted file uploads, allowing anyone on the internet to upload any type of file without restriction. This posed a security risk as unauthorized users could potentially upload harmful or malicious files.",
        "__typename": "ReportGeneratedContent"
      },
      "__typename": "Report"
    },
    "votes": 69,
    "team": {
      "handle": "mars",
      "name": "Mars",
      "medium_profile_picture": "https://profile-photos.hackerone-user-content.com/variants/Ec9VTTzrRe3u3WK8g4EqRrrP/5136ed9b2fa7c4d4abbf39fb971047c62d98ec4740a88eb55d7e26373250a937",
      "url": "https://hackerone.com/mars",
      "id": "Z2lkOi8vaGFja2Vyb25lL0VuZ2FnZW1lbnRzOjpWdWxuZXJhYmlsaXR5RGlzY2xvc3VyZVByb2dyYW0vNTA1ODE=",
      "currency": "usd",
      "__typename": "Team"
    },
    "total_awarded_amount": null,
    "latest_disclosable_action": "Activities::ReportBecamePublic",
    "latest_disclosable_activity_at": "2024-02-19T14:34:21.139Z",
    "submitted_at": "2024-02-07T17:49:28.061Z",
    "disclosed": true,
    "has_collaboration": false
  },
  {
    "__typename": "CompleteHacktivityReportDocument",
    "id": "Z2lkOi8vaGFja2Vyb25lL0NvbXBsZXRlSGFja3Rpdml0eVJlcG9ydEluZGV4LzIyOTk1NzE=",
    "_id": "2299571",
    "reporter": {
      "id": "Z2lkOi8vaGFja2Vyb25lL1VzZXIvMTU3NDA0MQ==",
      "name": "mv0x01",
      "username": "mv0x01",
      "__typename": "User"
    },
    "cve_ids": [],
    "cwe": "Improper Access Control - Generic",
    "severity_rating": "Medium",
    "upvoted": null,
    "public": true,
    "report": {
      "id": "Z2lkOi8vaGFja2Vyb25lL1JlcG9ydC8yMjk5NTcx",
      "databaseId": "2299571",
      "title": "Employee-only Area Bypass",
      "substate": "resolved",
      "url": "https://hackerone.com/reports/2299571",
      "disclosed_at": "2024-02-19T09:28:03.150Z",
      "report_generated_content": {
        "id": "Z2lkOi8vaGFja2Vyb25lL1JlcG9ydEdlbmVyYXRlZENvbnRlbnQvNzE3MA==",
        "hacktivity_summary": "An improper access control issue allowed unauthorized access to an employee-only area, leading to information disclosure.",
        "__typename": "ReportGeneratedContent"
      },
      "__typename": "Report"
    },
    "votes": 66,
    "team": {
      "handle": "linkedin",
      "name": "LinkedIn",
      "medium_profile_picture": "https://profile-photos.hackerone-user-content.com/variants/000/000/058/3aaa858b18e9807c5c1fea0c559156568a6647cc_original.png/5136ed9b2fa7c4d4abbf39fb971047c62d98ec4740a88eb55d7e26373250a937",
      "url": "https://hackerone.com/linkedin",
      "id": "Z2lkOi8vaGFja2Vyb25lL0VuZ2FnZW1lbnRzOjpCdWdCb3VudHlQcm9ncmFtLzU4",
      "currency": "usd",
      "__typename": "Team"
    },
    "total_awarded_amount": null,
    "latest_disclosable_action": "Activities::ReportBecamePublic",
    "latest_disclosable_activity_at": "2024-02-19T09:28:03.242Z",
    "submitted_at": "2023-12-30T04:58:09.906Z",
    "disclosed": true,
    "has_collaboration": false
  },
  {
    "__typename": "CompleteHacktivityReportDocument",
    "id": "Z2lkOi8vaGFja2Vyb25lL0NvbXBsZXRlSGFja3Rpdml0eVJlcG9ydEluZGV4LzE3ODUwNzk=",
    "_id": "1785079",
    "reporter": {
      "id": "Z2lkOi8vaGFja2Vyb25lL1VzZXIvMjQ0OTQ5OQ==",
      "name": "Fares W Muhammed",
      "username": "bugsv2",
      "__typename": "User"
    },
    "cve_ids": [],
    "cwe": "Information Disclosure",
    "severity_rating": "Medium",
    "upvoted": null,
    "public": true,
    "report": {
      "id": "Z2lkOi8vaGFja2Vyb25lL1JlcG9ydC8xNzg1MDc5",
      "databaseId": "1785079",
      "title": "# Drivers can access the customers phone number, current location without getting their offer accepted!",
      "substate": "resolved",
      "url": "https://hackerone.com/reports/1785079",
      "disclosed_at": "2024-02-19T09:03:59.704Z",
      "report_generated_content": {
        "id": "Z2lkOi8vaGFja2Vyb25lL1JlcG9ydEdlbmVyYXRlZENvbnRlbnQvNzE2OQ==",
        "hacktivity_summary": "A vulnerability was found where drivers could access customers' phone numbers and locations without having their offer accepted.",
        "__typename": "ReportGeneratedContent"
      },
      "__typename": "Report"
    },
    "votes": 57,
    "team": {
      "handle": "indrive",
      "name": "inDrive",
      "medium_profile_picture": "https://profile-photos.hackerone-user-content.com/variants/765s9sszvp9zyt9qwkeaa52vvkf3/5136ed9b2fa7c4d4abbf39fb971047c62d98ec4740a88eb55d7e26373250a937",
      "url": "https://hackerone.com/indrive",
      "id": "Z2lkOi8vaGFja2Vyb25lL0VuZ2FnZW1lbnRzOjpCdWdCb3VudHlQcm9ncmFtLzU4ODU3",
      "currency": "usd",
      "__typename": "Team"
    },
    "total_awarded_amount": null,
    "latest_disclosable_action": "Activities::ReportBecamePublic",
    "latest_disclosable_activity_at": "2024-02-19T09:03:59.776Z",
    "submitted_at": "2022-11-27T13:19:52.577Z",
    "disclosed": true,
    "has_collaboration": false
  },
  {
    "__typename": "CompleteHacktivityReportDocument",
    "id": "Z2lkOi8vaGFja2Vyb25lL0NvbXBsZXRlSGFja3Rpdml0eVJlcG9ydEluZGV4LzE3ODI0Njc=",
    "_id": "1782467",
    "reporter": {
      "id": "Z2lkOi8vaGFja2Vyb25lL1VzZXIvMjQ0OTQ5OQ==",
      "name": "Fares W Muhammed",
      "username": "bugsv2",
      "__typename": "User"
    },
    "cve_ids": [],
    "cwe": "Information Disclosure",
    "severity_rating": "Medium",
    "upvoted": null,
    "public": true,
    "report": {
      "id": "Z2lkOi8vaGFja2Vyb25lL1JlcG9ydC8xNzgyNDY3",
      "databaseId": "1782467",
      "title": "Disclosure of users' ip address whenever they view my fright offer on image preview (Without interaction)",
      "substate": "resolved",
      "url": "https://hackerone.com/reports/1782467",
      "disclosed_at": "2024-02-19T08:42:48.747Z",
      "report_generated_content": {
        "id": "Z2lkOi8vaGFja2Vyb25lL1JlcG9ydEdlbmVyYXRlZENvbnRlbnQvNzE2OA==",
        "hacktivity_summary": "A vulnerability was disclosed where users' IP addresses were leaked when they viewed freight offers, without any interaction required. By changing post image URLs to external sites, the external site received the user's IP when they viewed the post. This leaked user IPs and location, enabling malicious activities like downloading files or executing code on user devices without consent.",
        "__typename": "ReportGeneratedContent"
      },
      "__typename": "Report"
    },
    "votes": 51,
    "team": {
      "handle": "indrive",
      "name": "inDrive",
      "medium_profile_picture": "https://profile-photos.hackerone-user-content.com/variants/765s9sszvp9zyt9qwkeaa52vvkf3/5136ed9b2fa7c4d4abbf39fb971047c62d98ec4740a88eb55d7e26373250a937",
      "url": "https://hackerone.com/indrive",
      "id": "Z2lkOi8vaGFja2Vyb25lL0VuZ2FnZW1lbnRzOjpCdWdCb3VudHlQcm9ncmFtLzU4ODU3",
      "currency": "usd",
      "__typename": "Team"
    },
    "total_awarded_amount": null,
    "latest_disclosable_action": "Activities::ReportBecamePublic",
    "latest_disclosable_activity_at": "2024-02-19T08:42:48.819Z",
    "submitted_at": "2022-11-23T16:01:00.832Z",
    "disclosed": true,
    "has_collaboration": false
  },
  {
    "__typename": "CompleteHacktivityReportDocument",
    "id": "Z2lkOi8vaGFja2Vyb25lL0NvbXBsZXRlSGFja3Rpdml0eVJlcG9ydEluZGV4LzIyNzkzNDY=",
    "_id": "2279346",
    "reporter": {
      "id": "Z2lkOi8vaGFja2Vyb25lL1VzZXIvMTMyMjIxMw==",
      "name": "Johan Carlsson",
      "username": "joaxcar",
      "__typename": "User"
    },
    "cve_ids": [],
    "cwe": "Cross-site Scripting (XSS) - Reflected",
    "severity_rating": "Medium",
    "upvoted": null,
    "public": true,
    "report": {
      "id": "Z2lkOi8vaGFja2Vyb25lL1JlcG9ydC8yMjc5MzQ2",
      "databaseId": "2279346",
      "title": "CSP bypass on PortSwigger.net using Google script resources",
      "substate": "resolved",
      "url": "https://hackerone.com/reports/2279346",
      "disclosed_at": "2024-02-18T22:10:06.616Z",
      "report_generated_content": {
        "id": "Z2lkOi8vaGFja2Vyb25lL1JlcG9ydEdlbmVyYXRlZENvbnRlbnQvNzE2Nw==",
        "hacktivity_summary": "A cross-site scripting vulnerability was discovered on PortSwigger.net. The site's content security policy allowed resources from Google's reCAPTCHA domain, which contains AngularJS. This could be abused to bypass the CSP and load arbitrary scripts from other domains. The issue allowed an attacker to execute malicious JavaScript in the context of the vulnerable site.",
        "__typename": "ReportGeneratedContent"
      },
      "__typename": "Report"
    },
    "votes": 85,
    "team": {
      "handle": "portswigger",
      "name": "PortSwigger Web Security",
      "medium_profile_picture": "https://profile-photos.hackerone-user-content.com/variants/000/015/252/60e8778f4f1fee57ea2b164a7d2ec1e2d2dd7bc8_original./5136ed9b2fa7c4d4abbf39fb971047c62d98ec4740a88eb55d7e26373250a937",
      "url": "https://hackerone.com/portswigger",
      "id": "Z2lkOi8vaGFja2Vyb25lL0VuZ2FnZW1lbnRzOjpCdWdCb3VudHlQcm9ncmFtLzE1MjUy",
      "currency": "usd",
      "__typename": "Team"
    },
    "total_awarded_amount": 1500,
    "latest_disclosable_action": "Activities::ReportBecamePublic",
    "latest_disclosable_activity_at": "2024-02-18T22:10:06.704Z",
    "submitted_at": "2023-12-09T17:47:59.364Z",
    "disclosed": true,
    "has_collaboration": false
  },
  {
    "__typename": "CompleteHacktivityReportDocument",
    "id": "Z2lkOi8vaGFja2Vyb25lL0NvbXBsZXRlSGFja3Rpdml0eVJlcG9ydEluZGV4LzE3ODQxNjI=",
    "_id": "1784162",
    "reporter": {
      "id": "Z2lkOi8vaGFja2Vyb25lL1VzZXIvMTg0MDUyNw==",
      "name": "Mikael Gundersen",
      "username": "mikaelgundersen",
      "__typename": "User"
    },
    "cve_ids": [
      "CVE-2024-22403"
    ],
    "cwe": "Violation of Secure Design Principles",
    "severity_rating": "Low",
    "upvoted": null,
    "public": true,
    "report": {
      "id": "Z2lkOi8vaGFja2Vyb25lL1JlcG9ydC8xNzg0MTYy",
      "databaseId": "1784162",
      "title": "OAuth2 \"authorization_code\" is valid indefinetly",
      "substate": "resolved",
      "url": "https://hackerone.com/reports/1784162",
      "disclosed_at": "2024-02-17T08:39:14.500Z",
      "report_generated_content": {
        "id": "Z2lkOi8vaGFja2Vyb25lL1JlcG9ydEdlbmVyYXRlZENvbnRlbnQvNzE2Mg==",
        "hacktivity_summary": "A security advisory reported that the OAuth2 endpoint was not following best practices, as the authorization code was generated without a timeout, allowing an attacker with access to obtain and redeem the code in the future.",
        "__typename": "ReportGeneratedContent"
      },
      "__typename": "Report"
    },
    "votes": 42,
    "team": {
      "handle": "nextcloud",
      "name": "Nextcloud",
      "medium_profile_picture": "https://profile-photos.hackerone-user-content.com/variants/tnqlkt8d6fcch8hj8brdjp8nw864/5136ed9b2fa7c4d4abbf39fb971047c62d98ec4740a88eb55d7e26373250a937",
      "url": "https://hackerone.com/nextcloud",
      "id": "Z2lkOi8vaGFja2Vyb25lL0VuZ2FnZW1lbnRzOjpCdWdCb3VudHlQcm9ncmFtLzEzMjkx",
      "currency": "usd",
      "__typename": "Team"
    },
    "total_awarded_amount": 100,
    "latest_disclosable_action": "Activities::ReportBecamePublic",
    "latest_disclosable_activity_at": "2024-02-17T08:39:14.831Z",
    "submitted_at": "2022-11-25T11:50:10.544Z",
    "disclosed": true,
    "has_collaboration": false
  },
  {
    "__typename": "CompleteHacktivityReportDocument",
    "id": "Z2lkOi8vaGFja2Vyb25lL0NvbXBsZXRlSGFja3Rpdml0eVJlcG9ydEluZGV4LzIyNDc0NTc=",
    "_id": "2247457",
    "reporter": {
      "id": "Z2lkOi8vaGFja2Vyb25lL1VzZXIvODkyMjM=",
      "name": "Joas Schilling",
      "username": "nickvergessen",
      "__typename": "User"
    },
    "cve_ids": [
      "CVE-2024-22404"
    ],
    "cwe": "Improper Access Control - Generic",
    "severity_rating": "Medium",
    "upvoted": null,
    "public": true,
    "report": {
      "id": "Z2lkOi8vaGFja2Vyb25lL1JlcG9ydC8yMjQ3NDU3",
      "databaseId": "2247457",
      "title": "Can download files by zipping the folder",
      "substate": "resolved",
      "url": "https://hackerone.com/reports/2247457",
      "disclosed_at": "2024-02-17T08:38:25.368Z",
      "report_generated_content": {
        "id": "Z2lkOi8vaGFja2Vyb25lL1JlcG9ydEdlbmVyYXRlZENvbnRlbnQvNzE2MQ==",
        "hacktivity_summary": "A vulnerability was identified where files could be downloaded without proper permissions by zipping and downloading a folder, despite not having direct download access. This allowed circumvention of view-only restrictions.",
        "__typename": "ReportGeneratedContent"
      },
      "__typename": "Report"
    },
    "votes": 34,
    "team": {
      "handle": "nextcloud",
      "name": "Nextcloud",
      "medium_profile_picture": "https://profile-photos.hackerone-user-content.com/variants/tnqlkt8d6fcch8hj8brdjp8nw864/5136ed9b2fa7c4d4abbf39fb971047c62d98ec4740a88eb55d7e26373250a937",
      "url": "https://hackerone.com/nextcloud",
      "id": "Z2lkOi8vaGFja2Vyb25lL0VuZ2FnZW1lbnRzOjpCdWdCb3VudHlQcm9ncmFtLzEzMjkx",
      "currency": "usd",
      "__typename": "Team"
    },
    "total_awarded_amount": null,
    "latest_disclosable_action": "Activities::ReportBecamePublic",
    "latest_disclosable_activity_at": "2024-02-17T08:38:25.563Z",
    "submitted_at": "2023-11-10T07:55:39.004Z",
    "disclosed": true,
    "has_collaboration": false
  },
  {
    "__typename": "CompleteHacktivityReportDocument",
    "id": "Z2lkOi8vaGFja2Vyb25lL0NvbXBsZXRlSGFja3Rpdml0eVJlcG9ydEluZGV4LzIyMjE1NDc=",
    "_id": "2221547",
    "reporter": {
      "id": "Z2lkOi8vaGFja2Vyb25lL1VzZXIvMjk3NTQ5",
      "name": "Ashraf Abdelrazik",
      "username": "ashrafabdelrazik",
      "__typename": "User"
    },
    "cve_ids": [],
    "cwe": "Improper Access Control - Generic",
    "severity_rating": "Low",
    "upvoted": null,
    "public": true,
    "report": {
      "id": "Z2lkOi8vaGFja2Vyb25lL1JlcG9ydC8yMjIxNTQ3",
      "databaseId": "2221547",
      "title": "Multiple Open Redirect on TikTok domains",
      "substate": "resolved",
      "url": "https://hackerone.com/reports/2221547",
      "disclosed_at": "2024-02-16T22:49:31.516Z",
      "report_generated_content": {
        "id": "Z2lkOi8vaGFja2Vyb25lL1JlcG9ydEdlbmVyYXRlZENvbnRlbnQvNzE2MA==",
        "hacktivity_summary": "An open redirect vulnerability was discovered in the login process on TikTok Seller domains. This could have allowed takeover of a TikTok Seller account. The issue was reported privately and has been resolved.",
        "__typename": "ReportGeneratedContent"
      },
      "__typename": "Report"
    },
    "votes": 47,
    "team": {
      "handle": "tiktok",
      "name": "TikTok",
      "medium_profile_picture": "https://profile-photos.hackerone-user-content.com/variants/roYPkZznCDFmy4VGkFPnbDrc/5136ed9b2fa7c4d4abbf39fb971047c62d98ec4740a88eb55d7e26373250a937",
      "url": "https://hackerone.com/tiktok",
      "id": "Z2lkOi8vaGFja2Vyb25lL0VuZ2FnZW1lbnRzOjpCdWdCb3VudHlQcm9ncmFtLzQ5NzA4",
      "currency": "usd",
      "__typename": "Team"
    },
    "total_awarded_amount": null,
    "latest_disclosable_action": "Activities::ReportBecamePublic",
    "latest_disclosable_activity_at": "2024-02-16T22:49:31.616Z",
    "submitted_at": "2023-10-23T12:17:11.256Z",
    "disclosed": true,
    "has_collaboration": false
  },
  {
    "__typename": "CompleteHacktivityReportDocument",
    "id": "Z2lkOi8vaGFja2Vyb25lL0NvbXBsZXRlSGFja3Rpdml0eVJlcG9ydEluZGV4LzIxMDEwNzY=",
    "_id": "2101076",
    "reporter": {
      "id": "Z2lkOi8vaGFja2Vyb25lL1VzZXIvODYxNzY=",
      "name": "André Baptista",
      "username": "0xacb",
      "__typename": "User"
    },
    "cve_ids": [],
    "cwe": "Improper Null Termination",
    "severity_rating": "High",
    "upvoted": null,
    "public": true,
    "report": {
      "id": "Z2lkOi8vaGFja2Vyb25lL1JlcG9ydC8yMTAxMDc2",
      "databaseId": "2101076",
      "title": "HackerOne SAML signup domain enforcement bypass results in unauthorized access to HackerOne PullRequest organization",
      "substate": "resolved",
      "url": "https://hackerone.com/reports/2101076",
      "disclosed_at": "2024-02-04T02:19:19.962Z",
      "report_generated_content": {
        "id": "Z2lkOi8vaGFja2Vyb25lL1JlcG9ydEdlbmVyYXRlZENvbnRlbnQvNzExMQ==",
        "hacktivity_summary": "A vulnerability was discovered where SAML signup domain enforcement for new signups belonging to SAML-enabled organizations could be bypassed by appending control characters, allowing unauthorized access. This was leveraged to access the HackerOne PullRequest organization and view source code in pull requests. It was found email domains enforced by HackerOne SSO were not allowed for regular registration, but appending \"%0d%0a\" to the email parameter allowed the request to complete. Then logging in with the actual email worked, pending email verification. Since hackerone.com is a domain part of a SAML-enabled organization, creating accounts with @hackerone.com emails and getting one clicked allowed PullRequest access via \"Sign in with HackerOne\". This gave source code access. To mitigate, the email address should be normalized in the signup endpoint and access to PullRequest should require manual approval for @hackerone.com accounts.",
        "__typename": "ReportGeneratedContent"
      },
      "__typename": "Report"
    },
    "votes": 162,
    "team": {
      "handle": "security",
      "name": "HackerOne",
      "medium_profile_picture": "https://profile-photos.hackerone-user-content.com/variants/000/000/013/fa942b9b1cbf4faf37482bf68458e1195aab9c02_original.png/5136ed9b2fa7c4d4abbf39fb971047c62d98ec4740a88eb55d7e26373250a937",
      "url": "https://hackerone.com/security",
      "id": "Z2lkOi8vaGFja2Vyb25lL0VuZ2FnZW1lbnRzOjpCdWdCb3VudHlQcm9ncmFtLzEz",
      "currency": "usd",
      "__typename": "Team"
    },
    "total_awarded_amount": null,
    "latest_disclosable_action": "Activities::BountyAwarded",
    "latest_disclosable_activity_at": "2024-02-16T17:40:42.367Z",
    "submitted_at": "2023-08-08T12:05:55.858Z",
    "disclosed": true,
    "has_collaboration": false
  },
  {
    "__typename": "CompleteHacktivityReportDocument",
    "id": "Z2lkOi8vaGFja2Vyb25lL0NvbXBsZXRlSGFja3Rpdml0eVJlcG9ydEluZGV4LzMwMDgxNw==",
    "_id": "300817",
    "reporter": {
      "id": "Z2lkOi8vaGFja2Vyb25lL1VzZXIvNTE0OTM=",
      "name": "",
      "username": "shewhoisdeath",
      "__typename": "User"
    },
    "cve_ids": [
      "CVE-2009-3555"
    ],
    "cwe": "Cryptographic Issues - Generic",
    "severity_rating": "Medium",
    "upvoted": null,
    "public": true,
    "report": {
      "id": "Z2lkOi8vaGFja2Vyb25lL1JlcG9ydC8zMDA4MTc=",
      "databaseId": "300817",
      "title": "Secure Client-Initiated Renegotiation",
      "substate": "resolved",
      "url": "https://hackerone.com/reports/300817",
      "disclosed_at": "2024-02-16T13:58:55.747Z",
      "report_generated_content": {
        "id": "Z2lkOi8vaGFja2Vyb25lL1JlcG9ydEdlbmVyYXRlZENvbnRlbnQvNzE1OQ==",
        "hacktivity_summary": "A vulnerability in the Secure Client-Initiated Renegotiation feature was found that could allow denial of service attacks or man-in-the-middle attacks. The issue was investigated and a fix was implemented by bundling it with other infrastructure updates.",
        "__typename": "ReportGeneratedContent"
      },
      "__typename": "Report"
    },
    "votes": 20,
    "team": {
      "handle": "localtapiola",
      "name": "LocalTapiola",
      "medium_profile_picture": "https://profile-photos.hackerone-user-content.com/variants/000/008/416/b6fbd7e94497b0ffaee584d2e7096c5d5e2082e2_original.png/5136ed9b2fa7c4d4abbf39fb971047c62d98ec4740a88eb55d7e26373250a937",
      "url": "https://hackerone.com/localtapiola",
      "id": "Z2lkOi8vaGFja2Vyb25lL0VuZ2FnZW1lbnRzOjpCdWdCb3VudHlQcm9ncmFtLzg0MTY=",
      "currency": "usd",
      "__typename": "Team"
    },
    "total_awarded_amount": null,
    "latest_disclosable_action": "Activities::ReportBecamePublic",
    "latest_disclosable_activity_at": "2024-02-16T13:58:55.832Z",
    "submitted_at": "2017-12-27T15:57:52.331Z",
    "disclosed": true,
    "has_collaboration": false
  },
  {
    "__typename": "CompleteHacktivityReportDocument",
    "id": "Z2lkOi8vaGFja2Vyb25lL0NvbXBsZXRlSGFja3Rpdml0eVJlcG9ydEluZGV4LzIyMTg2NTM=",
    "_id": "2218653",
    "reporter": {
      "id": "Z2lkOi8vaGFja2Vyb25lL1VzZXIvMjY2NzAy",
      "name": "Tobias Nießen",
      "username": "tniessen",
      "__typename": "User"
    },
    "cve_ids": [
      "CVE-2024-21896"
    ],
    "cwe": "Path Traversal",
    "severity_rating": "High",
    "upvoted": null,
    "public": true,
    "report": {
      "id": "Z2lkOi8vaGFja2Vyb25lL1JlcG9ydC8yMjE4NjUz",
      "databaseId": "2218653",
      "title": "Path traversal by monkey-patching Buffer internals",
      "substate": "resolved",
      "url": "https://hackerone.com/reports/2218653",
      "disclosed_at": "2024-02-15T18:36:27.124Z",
      "report_generated_content": {
        "id": "Z2lkOi8vaGFja2Vyb25lL1JlcG9ydEdlbmVyYXRlZENvbnRlbnQvNzE1Nw==",
        "hacktivity_summary": "A path traversal vulnerability was introduced in the experimental permission model in Node.js 20 and 21 by monkey-patching Buffer internals. This allowed modification of the result of path.resolve(), leading to traversal beyond the expected path.",
        "__typename": "ReportGeneratedContent"
      },
      "__typename": "Report"
    },
    "votes": 33,
    "team": {
      "handle": "nodejs",
      "name": "Node.js",
      "medium_profile_picture": "https://profile-photos.hackerone-user-content.com/variants/000/022/984/e600648ace4a8553247bce967d461a030aa81d49_original.png/5136ed9b2fa7c4d4abbf39fb971047c62d98ec4740a88eb55d7e26373250a937",
      "url": "https://hackerone.com/nodejs",
      "id": "Z2lkOi8vaGFja2Vyb25lL0VuZ2FnZW1lbnRzOjpCdWdCb3VudHlQcm9ncmFtLzIyOTg0",
      "currency": "usd",
      "__typename": "Team"
    },
    "total_awarded_amount": null,
    "latest_disclosable_action": "Activities::ReportBecamePublic",
    "latest_disclosable_activity_at": "2024-02-15T18:36:27.242Z",
    "submitted_at": "2023-10-21T10:57:01.105Z",
    "disclosed": true,
    "has_collaboration": false
  },
  {
    "__typename": "CompleteHacktivityReportDocument",
    "id": "Z2lkOi8vaGFja2Vyb25lL0NvbXBsZXRlSGFja3Rpdml0eVJlcG9ydEluZGV4LzIyNTcxNTY=",
    "_id": "2257156",
    "reporter": {
      "id": "Z2lkOi8vaGFja2Vyb25lL1VzZXIvMjY2NzAy",
      "name": "Tobias Nießen",
      "username": "tniessen",
      "__typename": "User"
    },
    "cve_ids": [
      "CVE-2024-21890"
    ],
    "cwe": "Improper Access Control - Generic",
    "severity_rating": "Medium",
    "upvoted": null,
    "public": true,
    "report": {
      "id": "Z2lkOi8vaGFja2Vyb25lL1JlcG9ydC8yMjU3MTU2",
      "databaseId": "2257156",
      "title": "Improper handling of wildcards in --allow-fs-read and --allow-fs-write",
      "substate": "resolved",
      "url": "https://hackerone.com/reports/2257156",
      "disclosed_at": "2024-02-15T18:35:59.390Z",
      "report_generated_content": {
        "id": "Z2lkOi8vaGFja2Vyb25lL1JlcG9ydEdlbmVyYXRlZENvbnRlbnQvNzE1Ng==",
        "hacktivity_summary": "A vulnerability was found in the Node.js permission model documentation regarding improper handling of wildcards in the --allow-fs-read and --allow-fs-write options. The documentation did not make clear that wildcards should only be used as the last character of a file path. This could result in unintended file access being granted. The issue affected users of the experimental permission model in Node.js versions 20 and 21.",
        "__typename": "ReportGeneratedContent"
      },
      "__typename": "Report"
    },
    "votes": 17,
    "team": {
      "handle": "nodejs",
      "name": "Node.js",
      "medium_profile_picture": "https://profile-photos.hackerone-user-content.com/variants/000/022/984/e600648ace4a8553247bce967d461a030aa81d49_original.png/5136ed9b2fa7c4d4abbf39fb971047c62d98ec4740a88eb55d7e26373250a937",
      "url": "https://hackerone.com/nodejs",
      "id": "Z2lkOi8vaGFja2Vyb25lL0VuZ2FnZW1lbnRzOjpCdWdCb3VudHlQcm9ncmFtLzIyOTg0",
      "currency": "usd",
      "__typename": "Team"
    },
    "total_awarded_amount": null,
    "latest_disclosable_action": "Activities::ReportBecamePublic",
    "latest_disclosable_activity_at": "2024-02-15T18:35:59.520Z",
    "submitted_at": "2023-11-19T14:35:40.610Z",
    "disclosed": true,
    "has_collaboration": false
  },
  {
    "__typename": "CompleteHacktivityReportDocument",
    "id": "Z2lkOi8vaGFja2Vyb25lL0NvbXBsZXRlSGFja3Rpdml0eVJlcG9ydEluZGV4LzIyMzc1NDU=",
    "_id": "2237545",
    "reporter": {
      "id": "Z2lkOi8vaGFja2Vyb25lL1VzZXIvMjY2NzAy",
      "name": "Tobias Nießen",
      "username": "tniessen",
      "__typename": "User"
    },
    "cve_ids": [
      "CVE-2024-21892"
    ],
    "cwe": "Privilege Escalation",
    "severity_rating": "High",
    "upvoted": null,
    "public": true,
    "report": {
      "id": "Z2lkOi8vaGFja2Vyb25lL1JlcG9ydC8yMjM3NTQ1",
      "databaseId": "2237545",
      "title": "Code injection and privilege escalation through Linux capabilities",
      "substate": "resolved",
      "url": "https://hackerone.com/reports/2237545",
      "disclosed_at": "2024-02-15T18:35:43.822Z",
      "report_generated_content": {
        "id": "Z2lkOi8vaGFja2Vyb25lL1JlcG9ydEdlbmVyYXRlZENvbnRlbnQvNzE1NQ==",
        "hacktivity_summary": "A vulnerability was found in Node.js on Linux where it incorrectly applied an exception for the CAP_NET_BIND_SERVICE capability even when other capabilities were set. This allowed unprivileged users to inject code that inherited elevated privileges of the process.",
        "__typename": "ReportGeneratedContent"
      },
      "__typename": "Report"
    },
    "votes": 20,
    "team": {
      "handle": "nodejs",
      "name": "Node.js",
      "medium_profile_picture": "https://profile-photos.hackerone-user-content.com/variants/000/022/984/e600648ace4a8553247bce967d461a030aa81d49_original.png/5136ed9b2fa7c4d4abbf39fb971047c62d98ec4740a88eb55d7e26373250a937",
      "url": "https://hackerone.com/nodejs",
      "id": "Z2lkOi8vaGFja2Vyb25lL0VuZ2FnZW1lbnRzOjpCdWdCb3VudHlQcm9ncmFtLzIyOTg0",
      "currency": "usd",
      "__typename": "Team"
    },
    "total_awarded_amount": null,
    "latest_disclosable_action": "Activities::ReportBecamePublic",
    "latest_disclosable_activity_at": "2024-02-15T18:35:43.960Z",
    "submitted_at": "2023-11-03T03:41:28.732Z",
    "disclosed": true,
    "has_collaboration": false
  },
  {
    "__typename": "CompleteHacktivityReportDocument",
    "id": "Z2lkOi8vaGFja2Vyb25lL0NvbXBsZXRlSGFja3Rpdml0eVJlcG9ydEluZGV4LzIyNjkxNzc=",
    "_id": "2269177",
    "reporter": {
      "id": "Z2lkOi8vaGFja2Vyb25lL1VzZXIvMjk5MTQ1MQ==",
      "name": "Hubert Kario",
      "username": "hkario",
      "__typename": "User"
    },
    "cve_ids": [
      "CVE-2023-46809"
    ],
    "cwe": "Use of a Broken or Risky Cryptographic Algorithm",
    "severity_rating": "Medium",
    "upvoted": null,
    "public": true,
    "report": {
      "id": "Z2lkOi8vaGFja2Vyb25lL1JlcG9ydC8yMjY5MTc3",
      "databaseId": "2269177",
      "title": "Node.js is vulnerable to the Marvin Attack (timing variant of the Bleichenbacher attack against PKCS#1 v1.5 padding)",
      "substate": "resolved",
      "url": "https://hackerone.com/reports/2269177",
      "disclosed_at": "2024-02-15T18:33:32.864Z",
      "report_generated_content": {
        "id": "Z2lkOi8vaGFja2Vyb25lL1JlcG9ydEdlbmVyYXRlZENvbnRlbnQvNzE1NA==",
        "hacktivity_summary": "A timing side-channel vulnerability in the crypto library's privateDecrypt API allowed attackers to remotely exploit and decrypt or forge signatures when processing encrypted messages.",
        "__typename": "ReportGeneratedContent"
      },
      "__typename": "Report"
    },
    "votes": 15,
    "team": {
      "handle": "nodejs",
      "name": "Node.js",
      "medium_profile_picture": "https://profile-photos.hackerone-user-content.com/variants/000/022/984/e600648ace4a8553247bce967d461a030aa81d49_original.png/5136ed9b2fa7c4d4abbf39fb971047c62d98ec4740a88eb55d7e26373250a937",
      "url": "https://hackerone.com/nodejs",
      "id": "Z2lkOi8vaGFja2Vyb25lL0VuZ2FnZW1lbnRzOjpCdWdCb3VudHlQcm9ncmFtLzIyOTg0",
      "currency": "usd",
      "__typename": "Team"
    },
    "total_awarded_amount": null,
    "latest_disclosable_action": "Activities::ReportBecamePublic",
    "latest_disclosable_activity_at": "2024-02-15T18:33:32.951Z",
    "submitted_at": "2023-12-01T14:31:40.431Z",
    "disclosed": true,
    "has_collaboration": false
  },
  {
    "__typename": "CompleteHacktivityReportDocument",
    "id": "Z2lkOi8vaGFja2Vyb25lL0NvbXBsZXRlSGFja3Rpdml0eVJlcG9ydEluZGV4LzIyMzM0ODY=",
    "_id": "2233486",
    "reporter": {
      "id": "Z2lkOi8vaGFja2Vyb25lL1VzZXIvMTU0",
      "name": "Bartek Nowotarski",
      "username": "bart",
      "__typename": "User"
    },
    "cve_ids": [
      "CVE-2024-22019"
    ],
    "cwe": "Uncontrolled Resource Consumption",
    "severity_rating": "High",
    "upvoted": null,
    "public": true,
    "report": {
      "id": "Z2lkOi8vaGFja2Vyb25lL1JlcG9ydC8yMjMzNDg2",
      "databaseId": "2233486",
      "title": "http: Reading unprocessed HTTP request with unbounded chunk extension allows DoS attacks",
      "substate": "resolved",
      "url": "https://hackerone.com/reports/2233486",
      "disclosed_at": "2024-02-15T18:10:10.187Z",
      "report_generated_content": {
        "id": "Z2lkOi8vaGFja2Vyb25lL1JlcG9ydEdlbmVyYXRlZENvbnRlbnQvNzE1Mw==",
        "hacktivity_summary": "A vulnerability in Node.js HTTP servers was discovered that allowed denial of service (DoS) attacks. By sending specially crafted HTTP requests with chunked encoding, an attacker could cause resource exhaustion on the server. The lack of limitations on chunk extension bytes enabled the server to read an unbounded number of bytes from a single connection, leading to CPU and network bandwidth exhaustion. Standard safeguards like timeouts and body size limits were bypassed.",
        "__typename": "ReportGeneratedContent"
      },
      "__typename": "Report"
    },
    "votes": 12,
    "team": {
      "handle": "nodejs",
      "name": "Node.js",
      "medium_profile_picture": "https://profile-photos.hackerone-user-content.com/variants/000/022/984/e600648ace4a8553247bce967d461a030aa81d49_original.png/5136ed9b2fa7c4d4abbf39fb971047c62d98ec4740a88eb55d7e26373250a937",
      "url": "https://hackerone.com/nodejs",
      "id": "Z2lkOi8vaGFja2Vyb25lL0VuZ2FnZW1lbnRzOjpCdWdCb3VudHlQcm9ncmFtLzIyOTg0",
      "currency": "usd",
      "__typename": "Team"
    },
    "total_awarded_amount": null,
    "latest_disclosable_action": "Activities::ReportBecamePublic",
    "latest_disclosable_activity_at": "2024-02-15T18:10:10.327Z",
    "submitted_at": "2023-10-30T21:18:51.757Z",
    "disclosed": true,
    "has_collaboration": false
  },
  {
    "__typename": "CompleteHacktivityReportDocument",
    "id": "Z2lkOi8vaGFja2Vyb25lL0NvbXBsZXRlSGFja3Rpdml0eVJlcG9ydEluZGV4LzIyNTk5MTQ=",
    "_id": "2259914",
    "reporter": {
      "id": "Z2lkOi8vaGFja2Vyb25lL1VzZXIvNTIxNzI5",
      "name": "SeungHyun Lee",
      "username": "xion",
      "__typename": "User"
    },
    "cve_ids": [
      "CVE-2024-21891"
    ],
    "cwe": "Path Traversal",
    "severity_rating": "High",
    "upvoted": null,
    "public": true,
    "report": {
      "id": "Z2lkOi8vaGFja2Vyb25lL1JlcG9ydC8yMjU5OTE0",
      "databaseId": "2259914",
      "title": "Multiple permission model bypasses due to improper path traversal sequence sanitization",
      "substate": "resolved",
      "url": "https://hackerone.com/reports/2259914",
      "disclosed_at": "2024-02-15T17:46:41.175Z",
      "report_generated_content": {
        "id": "Z2lkOi8vaGFja2Vyb25lL1JlcG9ydEdlbmVyYXRlZENvbnRlbnQvNzE1Mg==",
        "hacktivity_summary": "A vulnerability in the path traversal sanitization of Node.js versions 20 and 21 allowed bypass of the experimental filesystem permission model through path traversal attacks.",
        "__typename": "ReportGeneratedContent"
      },
      "__typename": "Report"
    },
    "votes": 14,
    "team": {
      "handle": "nodejs",
      "name": "Node.js",
      "medium_profile_picture": "https://profile-photos.hackerone-user-content.com/variants/000/022/984/e600648ace4a8553247bce967d461a030aa81d49_original.png/5136ed9b2fa7c4d4abbf39fb971047c62d98ec4740a88eb55d7e26373250a937",
      "url": "https://hackerone.com/nodejs",
      "id": "Z2lkOi8vaGFja2Vyb25lL0VuZ2FnZW1lbnRzOjpCdWdCb3VudHlQcm9ncmFtLzIyOTg0",
      "currency": "usd",
      "__typename": "Team"
    },
    "total_awarded_amount": null,
    "latest_disclosable_action": "Activities::ReportBecamePublic",
    "latest_disclosable_activity_at": "2024-02-15T17:46:41.281Z",
    "submitted_at": "2023-11-21T17:47:24.678Z",
    "disclosed": true,
    "has_collaboration": false
  },
  {
    "__typename": "CompleteHacktivityReportDocument",
    "id": "Z2lkOi8vaGFja2Vyb25lL0NvbXBsZXRlSGFja3Rpdml0eVJlcG9ydEluZGV4LzE2MjI0MzI=",
    "_id": "1622432",
    "reporter": {
      "id": "Z2lkOi8vaGFja2Vyb25lL1VzZXIvMzk5MjE5",
      "name": "ANDRI HU",
      "username": "deb0con",
      "__typename": "User"
    },
    "cve_ids": [],
    "cwe": "Server-Side Request Forgery (SSRF)",
    "severity_rating": "Critical",
    "upvoted": null,
    "public": true,
    "report": {
      "id": "Z2lkOi8vaGFja2Vyb25lL1JlcG9ydC8xNjIyNDMy",
      "databaseId": "1622432",
      "title": "[SSRF] my.stripo.email via the setup-wizard parameter",
      "substate": "resolved",
      "url": "https://hackerone.com/reports/1622432",
      "disclosed_at": "2024-02-15T10:44:12.341Z",
      "report_generated_content": {
        "id": "Z2lkOi8vaGFja2Vyb25lL1JlcG9ydEdlbmVyYXRlZENvbnRlbnQvNzE0OQ==",
        "hacktivity_summary": "A vulnerability in the setup wizard allowed SSRF. The issue has been resolved.",
        "__typename": "ReportGeneratedContent"
      },
      "__typename": "Report"
    },
    "votes": 18,
    "team": {
      "handle": "stripo",
      "name": "Stripo Inc",
      "medium_profile_picture": "https://profile-photos.hackerone-user-content.com/variants/000/042/368/5b1017d17427be6c8e05cbc95da27646bf45e925_original./5136ed9b2fa7c4d4abbf39fb971047c62d98ec4740a88eb55d7e26373250a937",
      "url": "https://hackerone.com/stripo",
      "id": "Z2lkOi8vaGFja2Vyb25lL0VuZ2FnZW1lbnRzOjpWdWxuZXJhYmlsaXR5RGlzY2xvc3VyZVByb2dyYW0vNDIzNjg=",
      "currency": "usd",
      "__typename": "Team"
    },
    "total_awarded_amount": null,
    "latest_disclosable_action": "Activities::ReportBecamePublic",
    "latest_disclosable_activity_at": "2024-02-15T10:44:12.438Z",
    "submitted_at": "2022-07-01T16:09:15.188Z",
    "disclosed": true,
    "has_collaboration": false
  },
  {
    "__typename": "CompleteHacktivityReportDocument",
    "id": "Z2lkOi8vaGFja2Vyb25lL0NvbXBsZXRlSGFja3Rpdml0eVJlcG9ydEluZGV4LzE2MzEyMjg=",
    "_id": "1631228",
    "reporter": {
      "id": "Z2lkOi8vaGFja2Vyb25lL1VzZXIvMzk5MjE5",
      "name": "ANDRI HU",
      "username": "deb0con",
      "__typename": "User"
    },
    "cve_ids": [],
    "cwe": "HTTP Request Smuggling",
    "severity_rating": "Medium",
    "upvoted": null,
    "public": true,
    "report": {
      "id": "Z2lkOi8vaGFja2Vyb25lL1JlcG9ydC8xNjMxMjI4",
      "databaseId": "1631228",
      "title": "[demo.stripo.email] HTTP request Smuggling",
      "substate": "resolved",
      "url": "https://hackerone.com/reports/1631228",
      "disclosed_at": "2024-02-15T10:43:59.487Z",
      "report_generated_content": {
        "id": "Z2lkOi8vaGFja2Vyb25lL1JlcG9ydEdlbmVyYXRlZENvbnRlbnQvNzE0OA==",
        "hacktivity_summary": "A vulnerability in the demo.stripo.email website was reported, which has since been resolved.",
        "__typename": "ReportGeneratedContent"
      },
      "__typename": "Report"
    },
    "votes": 12,
    "team": {
      "handle": "stripo",
      "name": "Stripo Inc",
      "medium_profile_picture": "https://profile-photos.hackerone-user-content.com/variants/000/042/368/5b1017d17427be6c8e05cbc95da27646bf45e925_original./5136ed9b2fa7c4d4abbf39fb971047c62d98ec4740a88eb55d7e26373250a937",
      "url": "https://hackerone.com/stripo",
      "id": "Z2lkOi8vaGFja2Vyb25lL0VuZ2FnZW1lbnRzOjpWdWxuZXJhYmlsaXR5RGlzY2xvc3VyZVByb2dyYW0vNDIzNjg=",
      "currency": "usd",
      "__typename": "Team"
    },
    "total_awarded_amount": null,
    "latest_disclosable_action": "Activities::ReportBecamePublic",
    "latest_disclosable_activity_at": "2024-02-15T10:43:59.560Z",
    "submitted_at": "2022-07-08T10:38:10.741Z",
    "disclosed": true,
    "has_collaboration": false
  },
  {
    "__typename": "CompleteHacktivityReportDocument",
    "id": "Z2lkOi8vaGFja2Vyb25lL0NvbXBsZXRlSGFja3Rpdml0eVJlcG9ydEluZGV4LzE3MDk4MTU=",
    "_id": "1709815",
    "reporter": {
      "id": "Z2lkOi8vaGFja2Vyb25lL1VzZXIvMjM2NTIzNQ==",
      "name": "Sankalpa Baral ",
      "username": "sankalpa_1337",
      "__typename": "User"
    },
    "cve_ids": [],
    "cwe": "Cleartext Transmission of Sensitive Information",
    "severity_rating": "Medium",
    "upvoted": null,
    "public": true,
    "report": {
      "id": "Z2lkOi8vaGFja2Vyb25lL1JlcG9ydC8xNzA5ODE1",
      "databaseId": "1709815",
      "title": "Non-revoked API Key Disclosure in a Disclosed API Key Disclosure Report on Stripo",
      "substate": "resolved",
      "url": "https://hackerone.com/reports/1709815",
      "disclosed_at": "2024-02-15T10:43:03.250Z",
      "report_generated_content": {
        "id": "Z2lkOi8vaGFja2Vyb25lL1JlcG9ydEdlbmVyYXRlZENvbnRlbnQvNzE0Nw==",
        "hacktivity_summary": "A previously disclosed vulnerability regarding API key disclosure in Stripo was reported as resolved.",
        "__typename": "ReportGeneratedContent"
      },
      "__typename": "Report"
    },
    "votes": 10,
    "team": {
      "handle": "stripo",
      "name": "Stripo Inc",
      "medium_profile_picture": "https://profile-photos.hackerone-user-content.com/variants/000/042/368/5b1017d17427be6c8e05cbc95da27646bf45e925_original./5136ed9b2fa7c4d4abbf39fb971047c62d98ec4740a88eb55d7e26373250a937",
      "url": "https://hackerone.com/stripo",
      "id": "Z2lkOi8vaGFja2Vyb25lL0VuZ2FnZW1lbnRzOjpWdWxuZXJhYmlsaXR5RGlzY2xvc3VyZVByb2dyYW0vNDIzNjg=",
      "currency": "usd",
      "__typename": "Team"
    },
    "total_awarded_amount": null,
    "latest_disclosable_action": "Activities::ReportBecamePublic",
    "latest_disclosable_activity_at": "2024-02-15T10:43:03.327Z",
    "submitted_at": "2022-09-23T13:07:26.880Z",
    "disclosed": true,
    "has_collaboration": false
  },
  {
    "__typename": "CompleteHacktivityReportDocument",
    "id": "Z2lkOi8vaGFja2Vyb25lL0NvbXBsZXRlSGFja3Rpdml0eVJlcG9ydEluZGV4LzIyMzQ1NjQ=",
    "_id": "2234564",
    "reporter": {
      "id": "Z2lkOi8vaGFja2Vyb25lL1VzZXIvMjA0NDEyMg==",
      "name": ".",
      "username": "themarkib0x0",
      "__typename": "User"
    },
    "cve_ids": [],
    "cwe": "Cross-site Scripting (XSS) - Stored",
    "severity_rating": "High",
    "upvoted": null,
    "public": true,
    "report": {
      "id": "Z2lkOi8vaGFja2Vyb25lL1JlcG9ydC8yMjM0NTY0",
      "databaseId": "2234564",
      "title": "Client Side Template Injection to Stored XSS in Image Collection",
      "substate": "resolved",
      "url": "https://hackerone.com/reports/2234564",
      "disclosed_at": "2024-02-14T15:33:01.050Z",
      "report_generated_content": {
        "id": "Z2lkOi8vaGFja2Vyb25lL1JlcG9ydEdlbmVyYXRlZENvbnRlbnQvNzE0Ng==",
        "hacktivity_summary": "Client side template injection led to stored XSS in image collection, enabling attacker to steal session cookies and take over accounts.",
        "__typename": "ReportGeneratedContent"
      },
      "__typename": "Report"
    },
    "votes": 33,
    "team": {
      "handle": "mars",
      "name": "Mars",
      "medium_profile_picture": "https://profile-photos.hackerone-user-content.com/variants/Ec9VTTzrRe3u3WK8g4EqRrrP/5136ed9b2fa7c4d4abbf39fb971047c62d98ec4740a88eb55d7e26373250a937",
      "url": "https://hackerone.com/mars",
      "id": "Z2lkOi8vaGFja2Vyb25lL0VuZ2FnZW1lbnRzOjpWdWxuZXJhYmlsaXR5RGlzY2xvc3VyZVByb2dyYW0vNTA1ODE=",
      "currency": "usd",
      "__typename": "Team"
    },
    "total_awarded_amount": null,
    "latest_disclosable_action": "Activities::ReportBecamePublic",
    "latest_disclosable_activity_at": "2024-02-14T15:33:01.148Z",
    "submitted_at": "2023-11-01T01:00:00.435Z",
    "disclosed": true,
    "has_collaboration": false
  },
  {
    "__typename": "CompleteHacktivityReportDocument",
    "id": "Z2lkOi8vaGFja2Vyb25lL0NvbXBsZXRlSGFja3Rpdml0eVJlcG9ydEluZGV4LzIwNzM5NTA=",
    "_id": "2073950",
    "reporter": {
      "id": "Z2lkOi8vaGFja2Vyb25lL1VzZXIvMjY3MzA5MQ==",
      "name": "Enma",
      "username": "haoshokunoo",
      "__typename": "User"
    },
    "cve_ids": [],
    "cwe": "Insecure Direct Object Reference (IDOR)",
    "severity_rating": "Medium",
    "upvoted": null,
    "public": true,
    "report": {
      "id": "Z2lkOi8vaGFja2Vyb25lL1JlcG9ydC8yMDczOTUw",
      "databaseId": "2073950",
      "title": "IDOR in one subdomain of █████████ -> change information of pets without athorization!",
      "substate": "resolved",
      "url": "https://hackerone.com/reports/2073950",
      "disclosed_at": "2024-02-14T15:24:30.898Z",
      "report_generated_content": {
        "id": "Z2lkOi8vaGFja2Vyb25lL1JlcG9ydEdlbmVyYXRlZENvbnRlbnQvNzE0NQ==",
        "hacktivity_summary": "An information disclosure vulnerability was found in a subdomain allowing unauthorized users to modify pet information. This could impact confidentiality and accuracy of data.",
        "__typename": "ReportGeneratedContent"
      },
      "__typename": "Report"
    },
    "votes": 26,
    "team": {
      "handle": "mars",
      "name": "Mars",
      "medium_profile_picture": "https://profile-photos.hackerone-user-content.com/variants/Ec9VTTzrRe3u3WK8g4EqRrrP/5136ed9b2fa7c4d4abbf39fb971047c62d98ec4740a88eb55d7e26373250a937",
      "url": "https://hackerone.com/mars",
      "id": "Z2lkOi8vaGFja2Vyb25lL0VuZ2FnZW1lbnRzOjpWdWxuZXJhYmlsaXR5RGlzY2xvc3VyZVByb2dyYW0vNTA1ODE=",
      "currency": "usd",
      "__typename": "Team"
    },
    "total_awarded_amount": null,
    "latest_disclosable_action": "Activities::ReportBecamePublic",
    "latest_disclosable_activity_at": "2024-02-14T15:24:30.981Z",
    "submitted_at": "2023-07-18T10:33:34.380Z",
    "disclosed": true,
    "has_collaboration": false
  },
  {
    "__typename": "CompleteHacktivityReportDocument",
    "id": "Z2lkOi8vaGFja2Vyb25lL0NvbXBsZXRlSGFja3Rpdml0eVJlcG9ydEluZGV4LzIzNTI5Njg=",
    "_id": "2352968",
    "reporter": {
      "id": "Z2lkOi8vaGFja2Vyb25lL1VzZXIvMjQ2MDQxNQ==",
      "name": "",
      "username": "m7x",
      "__typename": "User"
    },
    "cve_ids": [],
    "cwe": "Cross-site Scripting (XSS) - Reflected",
    "severity_rating": "High",
    "upvoted": null,
    "public": true,
    "report": {
      "id": "Z2lkOi8vaGFja2Vyb25lL1JlcG9ydC8yMzUyOTY4",
      "databaseId": "2352968",
      "title": "Reflected XSS on Pangle Endpoint ",
      "substate": "resolved",
      "url": "https://hackerone.com/reports/2352968",
      "disclosed_at": "2024-04-05T00:20:16.465Z",
      "report_generated_content": {
        "id": "Z2lkOi8vaGFja2Vyb25lL1JlcG9ydEdlbmVyYXRlZENvbnRlbnQvNzI4Ng==",
        "hacktivity_summary": "The summary is as follows:\n\nA cross-site scripting (XSS) vulnerability was found at the Pangle endpoint via the 'redirect' parameter. This was caused by the reflection of user-supplied data without appropriate HTML escaping or output encoding. The vulnerability was fixed and additional mitigations were applied.",
        "__typename": "ReportGeneratedContent"
      },
      "__typename": "Report"
    },
    "votes": 82,
    "team": {
      "handle": "tiktok",
      "name": "TikTok",
      "medium_profile_picture": "https://profile-photos.hackerone-user-content.com/variants/roYPkZznCDFmy4VGkFPnbDrc/5136ed9b2fa7c4d4abbf39fb971047c62d98ec4740a88eb55d7e26373250a937",
      "url": "https://hackerone.com/tiktok",
      "id": "Z2lkOi8vaGFja2Vyb25lL0VuZ2FnZW1lbnRzOjpCdWdCb3VudHlQcm9ncmFtLzQ5NzA4",
      "currency": "usd",
      "__typename": "Team"
    },
    "total_awarded_amount": 5000,
    "latest_disclosable_action": "Activities::ReportBecamePublic",
    "latest_disclosable_activity_at": "2024-04-05T00:20:16.639Z",
    "submitted_at": "2024-02-02T16:25:34.293Z",
    "disclosed": true,
    "has_collaboration": false
  },
  {
    "__typename": "CompleteHacktivityReportDocument",
    "id": "Z2lkOi8vaGFja2Vyb25lL0NvbXBsZXRlSGFja3Rpdml0eVJlcG9ydEluZGV4LzIxMTAwMzA=",
    "_id": "2110030",
    "reporter": {
      "id": "Z2lkOi8vaGFja2Vyb25lL1VzZXIvODAzMjkw",
      "name": "",
      "username": "toormund",
      "__typename": "User"
    },
    "cve_ids": [],
    "cwe": "Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')",
    "severity_rating": "High",
    "upvoted": null,
    "public": true,
    "report": {
      "id": "Z2lkOi8vaGFja2Vyb25lL1JlcG9ydC8yMTEwMDMw",
      "databaseId": "2110030",
      "title": "Race Condition Enables Bypassing Verification Check",
      "substate": "resolved",
      "url": "https://hackerone.com/reports/2110030",
      "disclosed_at": "2024-04-04T21:55:53.952Z",
      "report_generated_content": {
        "id": "Z2lkOi8vaGFja2Vyb25lL1JlcG9ydEdlbmVyYXRlZENvbnRlbnQvNzI4NQ==",
        "hacktivity_summary": "A race condition was discovered in the WorldID platform that could enable bypassing the verification check limits. The issue resided in the enforcement of maximum allowed verifications, which was not properly synchronized across parallel requests to the cloud backend service. The fix implemented enforcement of the maximum verifications in the database, making it the source of truth for state.",
        "__typename": "ReportGeneratedContent"
      },
      "__typename": "Report"
    },
    "votes": 37,
    "team": {
      "handle": "toolsforhumanity",
      "name": "Tools for Humanity",
      "medium_profile_picture": "https://profile-photos.hackerone-user-content.com/variants/45seoirc4aacvo7if8bbdzye91e5/5136ed9b2fa7c4d4abbf39fb971047c62d98ec4740a88eb55d7e26373250a937",
      "url": "https://hackerone.com/toolsforhumanity",
      "id": "Z2lkOi8vaGFja2Vyb25lL0VuZ2FnZW1lbnRzOjpCdWdCb3VudHlQcm9ncmFtLzYzNjYw",
      "currency": "usd",
      "__typename": "Team"
    },
    "total_awarded_amount": 3000,
    "latest_disclosable_action": "Activities::ReportBecamePublic",
    "latest_disclosable_activity_at": "2024-04-04T21:55:54.297Z",
    "submitted_at": "2023-08-14T23:14:09.768Z",
    "disclosed": true,
    "has_collaboration": false
  },
  {
    "__typename": "CompleteHacktivityReportDocument",
    "id": "Z2lkOi8vaGFja2Vyb25lL0NvbXBsZXRlSGFja3Rpdml0eVJlcG9ydEluZGV4LzI0MjQ4MTU=",
    "_id": "2424815",
    "reporter": {
      "id": "Z2lkOi8vaGFja2Vyb25lL1VzZXIvNTc5NjE=",
      "name": "J. Domingo",
      "username": "0xd0m7",
      "__typename": "User"
    },
    "cve_ids": [],
    "cwe": "Path Traversal",
    "severity_rating": "High",
    "upvoted": null,
    "public": true,
    "report": {
      "id": "Z2lkOi8vaGFja2Vyb25lL1JlcG9ydC8yNDI0ODE1",
      "databaseId": "2424815",
      "title": "[portswigger.net] Path Traversal al /cms/audioitems",
      "substate": "resolved",
      "url": "https://hackerone.com/reports/2424815",
      "disclosed_at": "2024-04-04T14:51:59.272Z",
      "report_generated_content": null,
      "__typename": "Report"
    },
    "votes": 86,
    "team": {
      "handle": "portswigger",
      "name": "PortSwigger Web Security",
      "medium_profile_picture": "https://profile-photos.hackerone-user-content.com/variants/000/015/252/60e8778f4f1fee57ea2b164a7d2ec1e2d2dd7bc8_original./5136ed9b2fa7c4d4abbf39fb971047c62d98ec4740a88eb55d7e26373250a937",
      "url": "https://hackerone.com/portswigger",
      "id": "Z2lkOi8vaGFja2Vyb25lL0VuZ2FnZW1lbnRzOjpCdWdCb3VudHlQcm9ncmFtLzE1MjUy",
      "currency": "usd",
      "__typename": "Team"
    },
    "total_awarded_amount": null,
    "latest_disclosable_action": "Activities::ManuallyDisclosed",
    "latest_disclosable_activity_at": "2024-04-04T14:51:59.115Z",
    "submitted_at": "2024-03-20T07:26:29.063Z",
    "disclosed": true,
    "has_collaboration": false
  },
  {
    "__typename": "CompleteHacktivityReportDocument",
    "id": "Z2lkOi8vaGFja2Vyb25lL0NvbXBsZXRlSGFja3Rpdml0eVJlcG9ydEluZGV4LzIyMDk0Mjk=",
    "_id": "2209429",
    "reporter": {
      "id": "Z2lkOi8vaGFja2Vyb25lL1VzZXIvMjYxNDQ2",
      "name": "DxCoder",
      "username": "dxcoder",
      "__typename": "User"
    },
    "cve_ids": [],
    "cwe": "Information Disclosure",
    "severity_rating": "Medium",
    "upvoted": null,
    "public": true,
    "report": {
      "id": "Z2lkOi8vaGFja2Vyb25lL1JlcG9ydC8yMjA5NDI5",
      "databaseId": "2209429",
      "title": "Using Branded Hashtag Feature User Partnered with Account Manager Can View Videos Uploaded By A Private TikTok Account If 'item_id' Is Known",
      "substate": "resolved",
      "url": "https://hackerone.com/reports/2209429",
      "disclosed_at": "2024-04-03T01:20:58.736Z",
      "report_generated_content": {
        "id": "Z2lkOi8vaGFja2Vyb25lL1JlcG9ydEdlbmVyYXRlZENvbnRlbnQvNzI4MA==",
        "hacktivity_summary": "The branded hashtag feature on TikTok allowed users partnered with an account manager to view videos uploaded by private accounts if the video ID was known. This vulnerability has been remediated.",
        "__typename": "ReportGeneratedContent"
      },
      "__typename": "Report"
    },
    "votes": 54,
    "team": {
      "handle": "tiktok",
      "name": "TikTok",
      "medium_profile_picture": "https://profile-photos.hackerone-user-content.com/variants/roYPkZznCDFmy4VGkFPnbDrc/5136ed9b2fa7c4d4abbf39fb971047c62d98ec4740a88eb55d7e26373250a937",
      "url": "https://hackerone.com/tiktok",
      "id": "Z2lkOi8vaGFja2Vyb25lL0VuZ2FnZW1lbnRzOjpCdWdCb3VudHlQcm9ncmFtLzQ5NzA4",
      "currency": "usd",
      "__typename": "Team"
    },
    "total_awarded_amount": null,
    "latest_disclosable_action": "Activities::ReportBecamePublic",
    "latest_disclosable_activity_at": "2024-04-03T01:20:59.008Z",
    "submitted_at": "2023-10-14T21:22:57.358Z",
    "disclosed": true,
    "has_collaboration": true
  },
  {
    "__typename": "CompleteHacktivityReportDocument",
    "id": "Z2lkOi8vaGFja2Vyb25lL0NvbXBsZXRlSGFja3Rpdml0eVJlcG9ydEluZGV4LzI0MzgyNjU=",
    "_id": "2438265",
    "reporter": {
      "id": "Z2lkOi8vaGFja2Vyb25lL1VzZXIvMTI4MTE=",
      "name": "ooooooo_q",
      "username": "ooooooo_q",
      "__typename": "User"
    },
    "cve_ids": [
      "CVE-2024-27281"
    ],
    "cwe": null,
    "severity_rating": "High",
    "upvoted": null,
    "public": true,
    "report": {
      "id": "Z2lkOi8vaGFja2Vyb25lL1JlcG9ydC8yNDM4MjY1",
      "databaseId": "2438265",
      "title": "CVE-2024-27281: RCE vulnerability with .rdoc_options in RDoc",
      "substate": "resolved",
      "url": "https://hackerone.com/reports/2438265",
      "disclosed_at": "2024-03-29T23:47:42.016Z",
      "report_generated_content": {
        "id": "Z2lkOi8vaGFja2Vyb25lL1JlcG9ydEdlbmVyYXRlZENvbnRlbnQvNzI3Ng==",
        "hacktivity_summary": "A remote code execution vulnerability was discovered in RDoc 6.3.3 through 6.6.2, as distributed in Ruby 3.x through 3.3.0. The vulnerability was caused by the lack of restrictions on the classes that could be restored when parsing .rdoc_options as a YAML file. Additionally, object injection and resultant remote code execution were possible when loading a crafted documentation cache. The issue has been addressed by releasing updated versions of the RDoc gem.",
        "__typename": "ReportGeneratedContent"
      },
      "__typename": "Report"
    },
    "votes": 68,
    "team": {
      "handle": "ibb",
      "name": "Internet Bug Bounty",
      "medium_profile_picture": "https://hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com/variants/v0qywgoh5hm4cbhuanu8mqdtowhr/5136ed9b2fa7c4d4abbf39fb971047c62d98ec4740a88eb55d7e26373250a937?response-content-disposition=inline%3B%20filename%3D%22ibb%20revision%205%20copy.png%22%3B%20filename%2A%3DUTF-8%27%27ibb%2520revision%25205%2520copy.png&response-content-type=image%2Fpng&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=ASIAQGK6FURQX2GCMNBH%2F20240410%2Fus-west-2%2Fs3%2Faws4_request&X-Amz-Date=20240410T161502Z&X-Amz-Expires=3600&X-Amz-Security-Token=IQoJb3JpZ2luX2VjEPb%2F%2F%2F%2F%2F%2F%2F%2F%2F%2FwEaCXVzLXdlc3QtMiJHMEUCIQChubFHE3YwXNQ8M6glIQfaq9%2B0BOZA%2FdJEfEk%2FHQCxEQIgJlSl3PqY%2BNOLy5szfSCW%2BFVPRUi7GANkcsXyS4f4eCQqsgUILxADGgwwMTM2MTkyNzQ4NDkiDOtbhmAFu%2FYnakJ4oyqPBXOlU80i4urq9uT7WLoPN1RbmdvIyjmnTws2EF589tJEd3DChEfgDBTL505Mjfm3ZP%2FHcZXsQRG2uZKTwLN%2BeSmBY8%2Bb40Xx9Uyp9SAGKKBY6eDM5Esy%2Fuj6tiF550pFwVX2IF3ZSQ%2BR3BPfoejPrkHJMLwMnj5ZRg%2FWiXGxIS7DbfpfutszLHvk%2FMFTnoeec7OhPVCB%2Bgy0ZrKFksfJDEbaHX8XDrqlj3CIEO1xj8lUt6JtCkOAadSL6JSRH1Z%2FREWZfpjV1ZGaJKzmH84obiSkP%2BrlOEB6AzPaVDjguVbAGTsvKUf1GHhymjV9CimaJlEPbGo8VPNfqhuY0ips%2FAwsGhl9vJosjdgC2OuBwY6FzK7QMfvlwOzc%2FzllIcgoGVfVyucteihQd%2FnPNObsuWIgRAqWduuWCZ5Hb1NvKQ4wLo0rRW%2BK6gObaL%2FjXRFsVwwxApHUKhXiB1HSJ7c4SZqOagGkHiO8X1ecWktLe0FD0qVmdlj87cMuxMjOXEW38E%2B1G%2BqJZaxFbPvtJElcym1t2ZX74i1TWVm%2FVmDVe2f4gN61WdkIFG%2F4POUF5lcjIc56aqvX33SjBoqjhQeCUDDeHAuTlv9ozrU7chXKKGJUiJDF7I6QczMB%2FFW66W3OSy3zDgplRaSa2qqhtluvwrqdE2WDlha6n55gsoqPJkiMx4udHvMPXT2gS8Y6qxrvofErbl0jtXuheKHZy8Jt%2BmEDxFdJDUhPKMYQlLH%2B8ksifLdqxof3H7mxZsZxXA%2BvQFTcZ%2F5GWsiaMhyBdFxLvGC0PAYAJlQ%2F5nN%2BiiNddY8q1N8lvOXy9k3uax%2B30pG10GGx96LZiqoRW%2BsBWXTUTW2Qi9Uc7TP0oJ3E5J7kMScwnrrasAY6sQG1O6VYUgxbQLDGckO9rOEnY7gbA9reBfXjCDlJ8RJ5Nlw2G9oXHAy24pGzaYoVqi5ucrTPQZvpxHCz%2B4XkyA0IqhlOIM6UO1gR07uQoBKhgvvixSCVzwKt1uu9es9Ioe6warJB8pIbm5fLz3cWyt0146%2BHZ2vvny4qo7hVVISIwqR1420Nbm%2B3BWKsTBk0ysAW0zvh7eFXtyM6b%2BTkiS0Jun41jOd1DCw8OmQD%2FmToKOU%3D&X-Amz-SignedHeaders=host&X-Amz-Signature=0ad6cc049692a775da1710eb7644b21c68207e7b6ac80355e95e4c6349f03479",
      "url": "https://hackerone.com/ibb",
      "id": "Z2lkOi8vaGFja2Vyb25lL0VuZ2FnZW1lbnRzOjpCdWdCb3VudHlQcm9ncmFtLzU0MzQ5",
      "currency": "usd",
      "__typename": "Team"
    },
    "total_awarded_amount": 4860,
    "latest_disclosable_action": "Activities::ReportBecamePublic",
    "latest_disclosable_activity_at": "2024-03-29T23:47:43.914Z",
    "submitted_at": "2024-03-27T23:54:54.451Z",
    "disclosed": true,
    "has_collaboration": false
  },
  {
    "__typename": "CompleteHacktivityReportDocument",
    "id": "Z2lkOi8vaGFja2Vyb25lL0NvbXBsZXRlSGFja3Rpdml0eVJlcG9ydEluZGV4LzIzMTk1ODQ=",
    "_id": "2319584",
    "reporter": {
      "id": "Z2lkOi8vaGFja2Vyb25lL1VzZXIvMTU0",
      "name": "Bartek Nowotarski",
      "username": "bart",
      "__typename": "User"
    },
    "cve_ids": [
      "CVE-2024-27983"
    ],
    "cwe": "Uncontrolled Resource Consumption",
    "severity_rating": "High",
    "upvoted": null,
    "public": true,
    "report": {
      "id": "Z2lkOi8vaGFja2Vyb25lL1JlcG9ydC8yMzE5NTg0",
      "databaseId": "2319584",
      "title": "\"Assertion failed\" in node::http2::Http2Session::~Http2Session() leads to HTTP/2 server crash",
      "substate": "resolved",
      "url": "https://hackerone.com/reports/2319584",
      "disclosed_at": "2024-04-08T22:25:42.342Z",
      "report_generated_content": {
        "id": "Z2lkOi8vaGFja2Vyb25lL1JlcG9ydEdlbmVyYXRlZENvbnRlbnQvNzI5MA==",
        "hacktivity_summary": "A vulnerability was discovered in the Node.js HTTP/2 stack (http2) package. An attacker could send a small amount of TCP packets with HTTP/2 frames, causing the Node.js server to crash due to an assertion failure in the Http2Session destructor. The issue occurred when headers with HTTP/2 CONTINUATION frames were sent to the server, and the TCP connection was then abruptly closed, triggering the Http2Session destructor while header frames were still being processed and stored in memory.",
        "__typename": "ReportGeneratedContent"
      },
      "__typename": "Report"
    },
    "votes": 26,
    "team": {
      "handle": "nodejs",
      "name": "Node.js",
      "medium_profile_picture": "https://profile-photos.hackerone-user-content.com/variants/000/022/984/e600648ace4a8553247bce967d461a030aa81d49_original.png/5136ed9b2fa7c4d4abbf39fb971047c62d98ec4740a88eb55d7e26373250a937",
      "url": "https://hackerone.com/nodejs",
      "id": "Z2lkOi8vaGFja2Vyb25lL0VuZ2FnZW1lbnRzOjpCdWdCb3VudHlQcm9ncmFtLzIyOTg0",
      "currency": "usd",
      "__typename": "Team"
    },
    "total_awarded_amount": null,
    "latest_disclosable_action": "Activities::ReportBecamePublic",
    "latest_disclosable_activity_at": "2024-04-08T22:25:42.648Z",
    "submitted_at": "2024-01-15T14:48:55.123Z",
    "disclosed": true,
    "has_collaboration": false
  },
  {
    "__typename": "CompleteHacktivityReportDocument",
    "id": "Z2lkOi8vaGFja2Vyb25lL0NvbXBsZXRlSGFja3Rpdml0eVJlcG9ydEluZGV4LzIzMzQ0NDY=",
    "_id": "2334446",
    "reporter": {
      "id": "Z2lkOi8vaGFja2Vyb25lL1VzZXIvMzA2ODU3Mw==",
      "name": "azanul",
      "username": "0xazanul",
      "__typename": "User"
    },
    "cve_ids": [
      "CVE-2018-6389"
    ],
    "cwe": null,
    "severity_rating": "Medium",
    "upvoted": null,
    "public": true,
    "report": {
      "id": "Z2lkOi8vaGFja2Vyb25lL1JlcG9ydC8yMzM0NDQ2",
      "databaseId": "2334446",
      "title": "CVE-2018-6389 exploitation - using scripts loader",
      "substate": "resolved",
      "url": "https://hackerone.com/reports/2334446",
      "disclosed_at": "2024-02-13T13:20:19.659Z",
      "report_generated_content": {
        "id": "Z2lkOi8vaGFja2Vyb25lL1JlcG9ydEdlbmVyYXRlZENvbnRlbnQvNzE0Mg==",
        "hacktivity_summary": "An unauthenticated denial of service vulnerability in WordPress was discovered, tracked as CVE-2018-6389. By requesting a large number of JavaScript files through the load-scripts.php endpoint, an attacker could consume excessive resources on the server. This vulnerability could allow denial of service attacks.",
        "__typename": "ReportGeneratedContent"
      },
      "__typename": "Report"
    },
    "votes": 36,
    "team": {
      "handle": "publitas",
      "name": "Publitas",
      "medium_profile_picture": "https://profile-photos.hackerone-user-content.com/variants/000/000/103/83b23429fe1d8e894f5e774b12356c6809e15b3d_original.png/5136ed9b2fa7c4d4abbf39fb971047c62d98ec4740a88eb55d7e26373250a937",
      "url": "https://hackerone.com/publitas",
      "id": "Z2lkOi8vaGFja2Vyb25lL0VuZ2FnZW1lbnRzOjpWdWxuZXJhYmlsaXR5RGlzY2xvc3VyZVByb2dyYW0vMTAz",
      "currency": "usd",
      "__typename": "Team"
    },
    "total_awarded_amount": null,
    "latest_disclosable_action": "Activities::ReportBecamePublic",
    "latest_disclosable_activity_at": "2024-02-13T13:20:19.715Z",
    "submitted_at": "2024-01-25T14:07:40.495Z",
    "disclosed": true,
    "has_collaboration": false
  },
  {
    "__typename": "CompleteHacktivityReportDocument",
    "id": "Z2lkOi8vaGFja2Vyb25lL0NvbXBsZXRlSGFja3Rpdml0eVJlcG9ydEluZGV4LzIwNzY3ODY=",
    "_id": "2076786",
    "reporter": {
      "id": "Z2lkOi8vaGFja2Vyb25lL1VzZXIvMjQzOTEyMg==",
      "name": "Siddharth Tayade",
      "username": "mega9",
      "__typename": "User"
    },
    "cve_ids": [],
    "cwe": null,
    "severity_rating": "Low",
    "upvoted": null,
    "public": true,
    "report": {
      "id": "Z2lkOi8vaGFja2Vyb25lL1JlcG9ydC8yMDc2Nzg2",
      "databaseId": "2076786",
      "title": "Host Header Injection - internal.qa.delivery.indrive.com",
      "substate": "resolved",
      "url": "https://hackerone.com/reports/2076786",
      "disclosed_at": "2024-02-12T10:42:44.308Z",
      "report_generated_content": {
        "id": "Z2lkOi8vaGFja2Vyb25lL1JlcG9ydEdlbmVyYXRlZENvbnRlbnQvNzEzMg==",
        "hacktivity_summary": "A vulnerability was found where the Host header was not properly validated or escaped, allowing an attacker to inject arbitrary Host header values and manipulate server-side behavior. This could allow redirection to malicious sites for phishing.",
        "__typename": "ReportGeneratedContent"
      },
      "__typename": "Report"
    },
    "votes": 51,
    "team": {
      "handle": "indrive",
      "name": "inDrive",
      "medium_profile_picture": "https://profile-photos.hackerone-user-content.com/variants/765s9sszvp9zyt9qwkeaa52vvkf3/5136ed9b2fa7c4d4abbf39fb971047c62d98ec4740a88eb55d7e26373250a937",
      "url": "https://hackerone.com/indrive",
      "id": "Z2lkOi8vaGFja2Vyb25lL0VuZ2FnZW1lbnRzOjpCdWdCb3VudHlQcm9ncmFtLzU4ODU3",
      "currency": "usd",
      "__typename": "Team"
    },
    "total_awarded_amount": null,
    "latest_disclosable_action": "Activities::ReportBecamePublic",
    "latest_disclosable_activity_at": "2024-02-12T10:42:44.374Z",
    "submitted_at": "2023-07-20T06:49:15.880Z",
    "disclosed": true,
    "has_collaboration": false
  },
  {
    "__typename": "CompleteHacktivityReportDocument",
    "id": "Z2lkOi8vaGFja2Vyb25lL0NvbXBsZXRlSGFja3Rpdml0eVJlcG9ydEluZGV4LzIxMjM2ODA=",
    "_id": "2123680",
    "reporter": {
      "id": "Z2lkOi8vaGFja2Vyb25lL1VzZXIvOTY1NTA=",
      "name": "d0xing",
      "username": "d0xing",
      "__typename": "User"
    },
    "cve_ids": [],
    "cwe": "Misconfiguration",
    "severity_rating": "Medium",
    "upvoted": null,
    "public": true,
    "report": {
      "id": "Z2lkOi8vaGFja2Vyb25lL1JlcG9ydC8yMTIzNjgw",
      "databaseId": "2123680",
      "title": "Subdomain takeover on one of the subdomain under mozgcp.net",
      "substate": "resolved",
      "url": "https://hackerone.com/reports/2123680",
      "disclosed_at": "2024-02-11T13:05:08.568Z",
      "report_generated_content": {
        "id": "Z2lkOi8vaGFja2Vyb25lL1JlcG9ydEdlbmVyYXRlZENvbnRlbnQvNzEyOQ==",
        "hacktivity_summary": "A dangling DNS record for a subdomain of mozgcp.net was discovered, allowing researchers to host content on the subdomain.",
        "__typename": "ReportGeneratedContent"
      },
      "__typename": "Report"
    },
    "votes": 2,
    "team": {
      "handle": "mozilla_core_services",
      "name": "Mozilla",
      "medium_profile_picture": "https://profile-photos.hackerone-user-content.com/variants/0p8e6gg8xoy45dhjxs5wh4iti6k8/5136ed9b2fa7c4d4abbf39fb971047c62d98ec4740a88eb55d7e26373250a937",
      "url": "https://hackerone.com/mozilla_core_services",
      "id": "Z2lkOi8vaGFja2Vyb25lL0VuZ2FnZW1lbnRzOjpCdWdCb3VudHlQcm9ncmFtLzYxMjM2",
      "currency": "usd",
      "__typename": "Team"
    },
    "total_awarded_amount": null,
    "latest_disclosable_action": "Activities::ReportBecamePublic",
    "latest_disclosable_activity_at": "2024-02-11T13:05:08.689Z",
    "submitted_at": "2023-08-25T16:33:36.125Z",
    "disclosed": true,
    "has_collaboration": false
  },
  {
    "__typename": "CompleteHacktivityReportDocument",
    "id": "Z2lkOi8vaGFja2Vyb25lL0NvbXBsZXRlSGFja3Rpdml0eVJlcG9ydEluZGV4LzIxMjc0Njk=",
    "_id": "2127469",
    "reporter": {
      "id": "Z2lkOi8vaGFja2Vyb25lL1VzZXIvOTY1NTA=",
      "name": "d0xing",
      "username": "d0xing",
      "__typename": "User"
    },
    "cve_ids": [],
    "cwe": "Misconfiguration",
    "severity_rating": "Medium",
    "upvoted": null,
    "public": true,
    "report": {
      "id": "Z2lkOi8vaGFja2Vyb25lL1JlcG9ydC8yMTI3NDY5",
      "databaseId": "2127469",
      "title": "Subdomain takeover on one of the subdomain under mozaws.net",
      "substate": "resolved",
      "url": "https://hackerone.com/reports/2127469",
      "disclosed_at": "2024-02-11T13:03:59.251Z",
      "report_generated_content": {
        "id": "Z2lkOi8vaGFja2Vyb25lL1JlcG9ydEdlbmVyYXRlZENvbnRlbnQvNzEyOA==",
        "hacktivity_summary": "A dangling DNS record enabled subdomain takeover on a mozaws.net subdomain. Researchers exploited this to host content on the affected subdomain.",
        "__typename": "ReportGeneratedContent"
      },
      "__typename": "Report"
    },
    "votes": 1,
    "team": {
      "handle": "mozilla_core_services",
      "name": "Mozilla",
      "medium_profile_picture": "https://profile-photos.hackerone-user-content.com/variants/0p8e6gg8xoy45dhjxs5wh4iti6k8/5136ed9b2fa7c4d4abbf39fb971047c62d98ec4740a88eb55d7e26373250a937",
      "url": "https://hackerone.com/mozilla_core_services",
      "id": "Z2lkOi8vaGFja2Vyb25lL0VuZ2FnZW1lbnRzOjpCdWdCb3VudHlQcm9ncmFtLzYxMjM2",
      "currency": "usd",
      "__typename": "Team"
    },
    "total_awarded_amount": null,
    "latest_disclosable_action": "Activities::ReportBecamePublic",
    "latest_disclosable_activity_at": "2024-02-11T13:03:59.340Z",
    "submitted_at": "2023-08-29T12:29:42.548Z",
    "disclosed": true,
    "has_collaboration": true
  },
  {
    "__typename": "CompleteHacktivityReportDocument",
    "id": "Z2lkOi8vaGFja2Vyb25lL0NvbXBsZXRlSGFja3Rpdml0eVJlcG9ydEluZGV4LzIxMjk3OTE=",
    "_id": "2129791",
    "reporter": {
      "id": "Z2lkOi8vaGFja2Vyb25lL1VzZXIvOTY1NTA=",
      "name": "d0xing",
      "username": "d0xing",
      "__typename": "User"
    },
    "cve_ids": [],
    "cwe": "Misconfiguration",
    "severity_rating": "Medium",
    "upvoted": null,
    "public": true,
    "report": {
      "id": "Z2lkOi8vaGFja2Vyb25lL1JlcG9ydC8yMTI5Nzkx",
      "databaseId": "2129791",
      "title": "Subdomain takeover on one of the subdomain under mozaws.net",
      "substate": "resolved",
      "url": "https://hackerone.com/reports/2129791",
      "disclosed_at": "2024-02-11T13:03:09.473Z",
      "report_generated_content": {
        "id": "Z2lkOi8vaGFja2Vyb25lL1JlcG9ydEdlbmVyYXRlZENvbnRlbnQvNzEyNw==",
        "hacktivity_summary": "A dangling DNS record enabled subdomain takeover on a mozaws.net subdomain. Researchers exploited this to host content on the affected subdomain.",
        "__typename": "ReportGeneratedContent"
      },
      "__typename": "Report"
    },
    "votes": 1,
    "team": {
      "handle": "mozilla_core_services",
      "name": "Mozilla",
      "medium_profile_picture": "https://profile-photos.hackerone-user-content.com/variants/0p8e6gg8xoy45dhjxs5wh4iti6k8/5136ed9b2fa7c4d4abbf39fb971047c62d98ec4740a88eb55d7e26373250a937",
      "url": "https://hackerone.com/mozilla_core_services",
      "id": "Z2lkOi8vaGFja2Vyb25lL0VuZ2FnZW1lbnRzOjpCdWdCb3VudHlQcm9ncmFtLzYxMjM2",
      "currency": "usd",
      "__typename": "Team"
    },
    "total_awarded_amount": null,
    "latest_disclosable_action": "Activities::ReportBecamePublic",
    "latest_disclosable_activity_at": "2024-02-11T13:03:09.577Z",
    "submitted_at": "2023-08-31T06:02:14.660Z",
    "disclosed": true,
    "has_collaboration": true
  },
  {
    "__typename": "CompleteHacktivityReportDocument",
    "id": "Z2lkOi8vaGFja2Vyb25lL0NvbXBsZXRlSGFja3Rpdml0eVJlcG9ydEluZGV4LzIxMzkyNjA=",
    "_id": "2139260",
    "reporter": {
      "id": "Z2lkOi8vaGFja2Vyb25lL1VzZXIvNzY1NzA2",
      "name": "Sunny Kumar",
      "username": "hulkvision_",
      "__typename": "User"
    },
    "cve_ids": [],
    "cwe": "Privacy Violation",
    "severity_rating": "Medium",
    "upvoted": null,
    "public": true,
    "report": {
      "id": "Z2lkOi8vaGFja2Vyb25lL1JlcG9ydC8yMTM5MjYw",
      "databaseId": "2139260",
      "title": "Intent Leads To Unauthorised Video Call Initiation Leaking Surrounding Informations Of Victim",
      "substate": "resolved",
      "url": "https://hackerone.com/reports/2139260",
      "disclosed_at": "2024-04-05T18:36:35.943Z",
      "report_generated_content": {
        "id": "Z2lkOi8vaGFja2Vyb25lL1JlcG9ydEdlbmVyYXRlZENvbnRlbnQvNzI4Nw==",
        "hacktivity_summary": "The Snapchat Android application was found to contain a vulnerability that allowed a malicious user to initiate an unauthorized video call with a victim. The vulnerability was triggered by a deep link that, when clicked by the victim, forced the victim's Snapchat application to initiate a video call with the attacker's conversation.",
        "__typename": "ReportGeneratedContent"
      },
      "__typename": "Report"
    },
    "votes": 52,
    "team": {
      "handle": "snapchat",
      "name": "Snapchat",
      "medium_profile_picture": "https://profile-photos.hackerone-user-content.com/variants/000/000/513/87067c5c4ed63c2c07a522ca3198d2310e2a14c6_original.png/5136ed9b2fa7c4d4abbf39fb971047c62d98ec4740a88eb55d7e26373250a937",
      "url": "https://hackerone.com/snapchat",
      "id": "Z2lkOi8vaGFja2Vyb25lL0VuZ2FnZW1lbnRzOjpCdWdCb3VudHlQcm9ncmFtLzUxMw==",
      "currency": "usd",
      "__typename": "Team"
    },
    "total_awarded_amount": null,
    "latest_disclosable_action": "Activities::ReportBecamePublic",
    "latest_disclosable_activity_at": "2024-04-05T18:36:36.142Z",
    "submitted_at": "2023-09-07T10:11:31.427Z",
    "disclosed": true,
    "has_collaboration": false
  },
  {
    "__typename": "CompleteHacktivityReportDocument",
    "id": "Z2lkOi8vaGFja2Vyb25lL0NvbXBsZXRlSGFja3Rpdml0eVJlcG9ydEluZGV4LzIyNjYwODE=",
    "_id": "2266081",
    "reporter": {
      "id": "Z2lkOi8vaGFja2Vyb25lL1VzZXIvMjA1NjMwMg==",
      "name": "Stux",
      "username": "stuux",
      "__typename": "User"
    },
    "cve_ids": [],
    "cwe": "SQL Injection",
    "severity_rating": "Critical",
    "upvoted": null,
    "public": true,
    "report": {
      "id": "Z2lkOi8vaGFja2Vyb25lL1JlcG9ydC8yMjY2MDgx",
      "databaseId": "2266081",
      "title": "Blind SQL Injection on █████ via URI Path",
      "substate": "resolved",
      "url": "https://hackerone.com/reports/2266081",
      "disclosed_at": "2024-02-14T15:24:09.267Z",
      "report_generated_content": {
        "id": "Z2lkOi8vaGFja2Vyb25lL1JlcG9ydEdlbmVyYXRlZENvbnRlbnQvNzE0NA==",
        "hacktivity_summary": "A time-based SQL injection vulnerability was present in a web application, allowing attackers to extract information from the database.",
        "__typename": "ReportGeneratedContent"
      },
      "__typename": "Report"
    },
    "votes": 17,
    "team": {
      "handle": "mars",
      "name": "Mars",
      "medium_profile_picture": "https://profile-photos.hackerone-user-content.com/variants/Ec9VTTzrRe3u3WK8g4EqRrrP/5136ed9b2fa7c4d4abbf39fb971047c62d98ec4740a88eb55d7e26373250a937",
      "url": "https://hackerone.com/mars",
      "id": "Z2lkOi8vaGFja2Vyb25lL0VuZ2FnZW1lbnRzOjpWdWxuZXJhYmlsaXR5RGlzY2xvc3VyZVByb2dyYW0vNTA1ODE=",
      "currency": "usd",
      "__typename": "Team"
    },
    "total_awarded_amount": null,
    "latest_disclosable_action": "Activities::ReportBecamePublic",
    "latest_disclosable_activity_at": "2024-02-14T15:24:09.373Z",
    "submitted_at": "2023-11-28T17:25:54.227Z",
    "disclosed": true,
    "has_collaboration": false
  },
  {
    "__typename": "CompleteHacktivityReportDocument",
    "id": "Z2lkOi8vaGFja2Vyb25lL0NvbXBsZXRlSGFja3Rpdml0eVJlcG9ydEluZGV4LzI0Mjk4OTQ=",
    "_id": "2429894",
    "reporter": {
      "id": "Z2lkOi8vaGFja2Vyb25lL1VzZXIvMTM5MzIzMw==",
      "name": "hunt1",
      "username": "hunt1",
      "__typename": "User"
    },
    "cve_ids": [
      "CVE-2024-24806"
    ],
    "cwe": "Server-Side Request Forgery (SSRF)",
    "severity_rating": "High",
    "upvoted": null,
    "public": true,
    "report": {
      "id": "Z2lkOi8vaGFja2Vyb25lL1JlcG9ydC8yNDI5ODk0",
      "databaseId": "2429894",
      "title": "Libuv: Improper Domain Lookup that potentially leads to SSRF attacks",
      "substate": "resolved",
      "url": "https://hackerone.com/reports/2429894",
      "disclosed_at": "2024-03-29T22:54:22.421Z",
      "report_generated_content": {
        "id": "Z2lkOi8vaGFja2Vyb25lL1JlcG9ydEdlbmVyYXRlZENvbnRlbnQvNzI3NQ==",
        "hacktivity_summary": "The vulnerability in the libuv library was caused by the improper truncation of hostnames to 256 characters before calling the getaddrinfo function. This behavior allowed the creation of addresses like 0x00007f000001, which were considered valid by getaddrinfo, potentially leading to SSRF attacks and internal API access.",
        "__typename": "ReportGeneratedContent"
      },
      "__typename": "Report"
    },
    "votes": 51,
    "team": {
      "handle": "ibb",
      "name": "Internet Bug Bounty",
      "medium_profile_picture": "https://hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com/variants/v0qywgoh5hm4cbhuanu8mqdtowhr/5136ed9b2fa7c4d4abbf39fb971047c62d98ec4740a88eb55d7e26373250a937?response-content-disposition=inline%3B%20filename%3D%22ibb%20revision%205%20copy.png%22%3B%20filename%2A%3DUTF-8%27%27ibb%2520revision%25205%2520copy.png&response-content-type=image%2Fpng&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=ASIAQGK6FURQ4LZXK4BL%2F20240410%2Fus-west-2%2Fs3%2Faws4_request&X-Amz-Date=20240410T163002Z&X-Amz-Expires=3600&X-Amz-Security-Token=IQoJb3JpZ2luX2VjEPb%2F%2F%2F%2F%2F%2F%2F%2F%2F%2FwEaCXVzLXdlc3QtMiJHMEUCIAWF7ERZlQuSapMLAo%2F%2FQe3mx9flIvFF27aSh8uGHDNUAiEA3h%2F%2BhqtyfRUX1F3RpISdmOOw%2BpGM0wzXCHdtzGy%2BNgoqsgUILxADGgwwMTM2MTkyNzQ4NDkiDFkWu3D0e3LiZ3enAiqPBeG6K%2BWYzLx%2FN45RvZPQp8GsfS7HQfSTLrEF6JddV5W2QtYvi6Ha0lAjnzFTSIoU%2FvDnOyAeLNOA7xzexGtlb6HEiObpjUxB%2F2yiM2sjxbGF7vUoRVmmmqmiPy00%2FGK%2Fn85VqlCW4rMzM63hiJy9OD4TZPOas57RNwny%2Bj4JsJfjb2NBUPCJ7gUC%2F8SxoCbtdygNES0g5RIOTAEP4Yub3XAaImumswm61CpDYgCgN3JUKv0OWZQD2bqzJcJhKonWHDRrLYnbKmDc%2Bzklp21LBUfRFoXGF%2F2LyInnrchcVtDy7YbrjRdryEp%2BMlXH1oMcm4RPsxcUWrhEn1LwPi%2Bvt%2BEiHzKmeGOmqfWoFP6ITM8qfIeZrglhm48beeJ3BVHpzFwtLThvEOL8aidn6f6G30dJQ79m8mGyA7LUsc13H3eh%2F8gSwWTO8QYgmIqn7Ht2gAes51qlshgBr%2FUSL5R51R%2Bv8jZiKqp3sPYAB9rCacAiGUJ293zx1aUYpPgGgpjvHo4Ic%2BOv3%2FaeUPsMWBjK2htVy2PiYi6O7vP2dbSMRJ1yQ%2B0MqswQy2ReZrPtXOCk3Tqr4qjbxHYoVcRlkPJkIeisYXQ1sQ1e%2BWq173TJUzAdowrPUIWTm8WKVMJnfyjladyZo9FfZIvbcHWMhcJPwv87zIYw8VJ6Y9huj9sss9Gx1Z9VIcPiHPK4dMpjQdh6rlkhxFiyoxl%2FfBg6lpOMXIycmU36KiWsoDJoR7PpeWJ4ZuspWMRFVzuXWqi%2FyZoxOtJ8E1q5pwn18JAZVxSeMpfhlrBtz8Lh5mBG5qlrdyDqhdZ1jPTFCYh%2FZzxlL%2FArvk3yWC6e4mgIFed0Ihpjo%2FX3it9awuSaVs2nmd9rd68wvLrasAY6sQENouxC7PUIlmFsJT4c%2Bw%2BYbdWBmP6vgZzOa7zrCjjxle3IAPTcynvgTuMutGzspU5TYEqyFri12QVsdqgn3yY4G3ek0GigDnikQPeg9BQzp5UZGZ87%2BMyHWUoCJrbKJOrQkATbaC9MfunfPiJOuK37DB1LD1iOR6aBRWWZSy%2BXtfVHn0cQWQCZDHZeIyUv6xIOzLW55e3ywmjb0u9CdmZA8ydBLCOCAghRLEf1FEmnCeM%3D&X-Amz-SignedHeaders=host&X-Amz-Signature=59712e4322b90aaa823c32c41f138c71acef623a95a28192e24b01f7cc9f4913",
      "url": "https://hackerone.com/ibb",
      "id": "Z2lkOi8vaGFja2Vyb25lL0VuZ2FnZW1lbnRzOjpCdWdCb3VudHlQcm9ncmFtLzU0MzQ5",
      "currency": "usd",
      "__typename": "Team"
    },
    "total_awarded_amount": 4860,
    "latest_disclosable_action": "Activities::ReportBecamePublic",
    "latest_disclosable_activity_at": "2024-03-29T22:54:23.406Z",
    "submitted_at": "2024-03-21T18:47:15.488Z",
    "disclosed": true,
    "has_collaboration": true
  },
  {
    "__typename": "CompleteHacktivityReportDocument",
    "id": "Z2lkOi8vaGFja2Vyb25lL0NvbXBsZXRlSGFja3Rpdml0eVJlcG9ydEluZGV4LzI0MzU0ODI=",
    "_id": "2435482",
    "reporter": {
      "id": "Z2lkOi8vaGFja2Vyb25lL1VzZXIvMzE0MzU1NA==",
      "name": "frankyueh",
      "username": "frankyueh",
      "__typename": "User"
    },
    "cve_ids": [
      "CVE-2024-2466"
    ],
    "cwe": "Improper Certificate Validation",
    "severity_rating": "Medium",
    "upvoted": null,
    "public": true,
    "report": {
      "id": "Z2lkOi8vaGFja2Vyb25lL1JlcG9ydC8yNDM1NDgy",
      "databaseId": "2435482",
      "title": "CVE-2024-2466: TLS certificate check bypass with mbedTLS (reward request)",
      "substate": "resolved",
      "url": "https://hackerone.com/reports/2435482",
      "disclosed_at": "2024-03-29T19:44:21.950Z",
      "report_generated_content": {
        "id": "Z2lkOi8vaGFja2Vyb25lL1JlcG9ydEdlbmVyYXRlZENvbnRlbnQvNzI3NA==",
        "hacktivity_summary": "CVE-2024-2466: TLS certificate check bypass with mbedTLS. The vulnerability was reported in libcurl, where it did not check the server certificate of TLS connections made to a host specified as an IP address when built to use mbedTLS. This caused the certificate check to be completely skipped, affecting all uses of TLS protocols.",
        "__typename": "ReportGeneratedContent"
      },
      "__typename": "Report"
    },
    "votes": 35,
    "team": {
      "handle": "ibb",
      "name": "Internet Bug Bounty",
      "medium_profile_picture": "https://hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com/variants/v0qywgoh5hm4cbhuanu8mqdtowhr/5136ed9b2fa7c4d4abbf39fb971047c62d98ec4740a88eb55d7e26373250a937?response-content-disposition=inline%3B%20filename%3D%22ibb%20revision%205%20copy.png%22%3B%20filename%2A%3DUTF-8%27%27ibb%2520revision%25205%2520copy.png&response-content-type=image%2Fpng&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=ASIAQGK6FURQRQG4MGRH%2F20240410%2Fus-west-2%2Fs3%2Faws4_request&X-Amz-Date=20240410T163102Z&X-Amz-Expires=3600&X-Amz-Security-Token=IQoJb3JpZ2luX2VjEPX%2F%2F%2F%2F%2F%2F%2F%2F%2F%2FwEaCXVzLXdlc3QtMiJHMEUCIFwQ5ycoauvnrADaRAzfgaLkY2QywdIOc1A0uP9pjRSjAiEA%2Fwk3S4j6A%2FpJhyUct5xbiqCObmhNjX3VB5%2FVjil%2FwAsqsgUILhADGgwwMTM2MTkyNzQ4NDkiDCd%2F6fL312hQ5UjLWyqPBULhVFERxz%2FGbqlyV%2B4svsJKQRJz4b9OZ%2FAqchBSXn4rOuvZcz9AXJ3Wa2d3zAPFb3UekCBrpGZpkxGtqKFZjXP9naPhKK0PPp44NgEvQODATPNKNTcbU28D9WwvkVqNqtW%2BxCATlX9DdCn0rvLmHCR0fTj6f7usjEAO8i86kc3OoOmQ8SOa42tmwGXcprik9Iiw%2Fark3hnVyZ0gkfkMEmEVMwfbLQWZvfu3mtDkyX8Rbz4XiZTyzwF3h8m0c6hSqDNkSE55U4j%2BC0MGnT%2Fd54QP5H1CuWJa8%2BLWRrb2CQuHybJL%2FLOgbLORh%2Bi3Gz%2BSLxT19ly4nDLWlY6oxp2aesyGDoMCc8N6AXJApSMwVQ6ONkTq9V%2FiQBsVpgwDUBXs3v%2BSwHeAlN8bLtX6V9uHk%2BniZfQikmeDIMPmKCFTOu5FN8E0tLd44iIV3lx%2FfMWDkD5hR74rrS9YQKqxx5Z2cd5lAfG4sJCNSiNNLirc0akSnQJUAiyPElOD4u5SVWDM%2BlsBaCY3AOoHQOyq9BzIiHGnmQiBxxw%2B1%2FuDmNWEbZ8dy0g5L4PI12TjUEPVW9nX4boxyVq0vAKaLDtO07NMRTe5LDIVaBPB8LbTV9SnJWKGO1OhAsysnrFAyEKZ9pnVcaYDp4KYuaYdcfMKY4UvSM8HvJf1ZuSt3KvMya7m4QunvCygCqDExzhNdoSu52jFjaGnOfrZqnLgRTEBdbfK5gmgNsfl2ui0C%2F%2BOTuUxNHSmpHplgrl5W3BqrZ4pyt8J4fB0J5iocct%2Fm6mJXeFkcmMlAOFeQJERYJ728OGXiLJiTE5Lbqx%2B9gCZsFKai%2FYdLid0rIk%2FgwNYOHbu1QnM72w%2Bg70W9WC7BSR%2FSCr1zpAw%2BaDasAY6sQHX6Z3CDVSkMrb%2FQ3%2BUNIDgrLAn2kyfneiEMl%2FRmvQYCII2QdqvPVBYUUG4xtMCzGDOuDtVfk6wxDpTaPwSPToZvGXemJdGL%2FLwPyS%2BvGArC04xuzDiw3InMsV7SbudGc0oGpzybhwt3pfIhLovnz1g7Hyw1k9BqV4puwfR0M8mKS6KOJ1kYc3UWYz1raaCd7%2FsrerzCWoAgmJPSI2Al2VNz3Y0SDdmThkx3Pr1AKHORWo%3D&X-Amz-SignedHeaders=host&X-Amz-Signature=c030ee2238d4374439ac9389290915acd689bdb6102e3dd225c564e5089403e9",
      "url": "https://hackerone.com/ibb",
      "id": "Z2lkOi8vaGFja2Vyb25lL0VuZ2FnZW1lbnRzOjpCdWdCb3VudHlQcm9ncmFtLzU0MzQ5",
      "currency": "usd",
      "__typename": "Team"
    },
    "total_awarded_amount": 2580,
    "latest_disclosable_action": "Activities::ReportBecamePublic",
    "latest_disclosable_activity_at": "2024-03-29T19:44:23.336Z",
    "submitted_at": "2024-03-27T09:50:13.527Z",
    "disclosed": true,
    "has_collaboration": false
  },
  {
    "__typename": "CompleteHacktivityReportDocument",
    "id": "Z2lkOi8vaGFja2Vyb25lL0NvbXBsZXRlSGFja3Rpdml0eVJlcG9ydEluZGV4LzI0MzcwNTA=",
    "_id": "2437050",
    "reporter": {
      "id": "Z2lkOi8vaGFja2Vyb25lL1VzZXIvMzEzOTM4Nw==",
      "name": "Dexter Gerig",
      "username": "fullmetal5",
      "__typename": "User"
    },
    "cve_ids": [
      "CVE-2024-2379"
    ],
    "cwe": "Improper Certificate Validation",
    "severity_rating": "Low",
    "upvoted": null,
    "public": true,
    "report": {
      "id": "Z2lkOi8vaGFja2Vyb25lL1JlcG9ydC8yNDM3MDUw",
      "databaseId": "2437050",
      "title": "CVE-2024-2379: QUIC certificate check bypass with wolfSSL",
      "substate": "resolved",
      "url": "https://hackerone.com/reports/2437050",
      "disclosed_at": "2024-03-29T19:20:55.450Z",
      "report_generated_content": {
        "id": "Z2lkOi8vaGFja2Vyb25lL1JlcG9ydEdlbmVyYXRlZENvbnRlbnQvNzI3Mw==",
        "hacktivity_summary": "CVE-2024-2379 was a vulnerability in libcurl's QUIC implementation where certificate verification was skipped under certain conditions when using the wolfSSL library. The vulnerability was caused by an error path that accidentally returned success when encountering unknown or unsupported ciphers or curves, bypassing the certificate check.",
        "__typename": "ReportGeneratedContent"
      },
      "__typename": "Report"
    },
    "votes": 27,
    "team": {
      "handle": "ibb",
      "name": "Internet Bug Bounty",
      "medium_profile_picture": "https://hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com/variants/v0qywgoh5hm4cbhuanu8mqdtowhr/5136ed9b2fa7c4d4abbf39fb971047c62d98ec4740a88eb55d7e26373250a937?response-content-disposition=inline%3B%20filename%3D%22ibb%20revision%205%20copy.png%22%3B%20filename%2A%3DUTF-8%27%27ibb%2520revision%25205%2520copy.png&response-content-type=image%2Fpng&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=ASIAQGK6FURQ53BX6TGY%2F20240410%2Fus-west-2%2Fs3%2Faws4_request&X-Amz-Date=20240410T163202Z&X-Amz-Expires=3600&X-Amz-Security-Token=IQoJb3JpZ2luX2VjEPb%2F%2F%2F%2F%2F%2F%2F%2F%2F%2FwEaCXVzLXdlc3QtMiJIMEYCIQCFPEwls7n35K%2FpmX%2F7xRNDU6y%2BCFkK7ksi2qK77AFOTwIhAJJJ1h07ihZmeZ9rZJDL1CWqpzgGo9yQd4pKBxGmidduKrIFCC8QAxoMMDEzNjE5Mjc0ODQ5IgypsCuZbLTi%2B%2BLCzu4qjwUjE939o0JnWbMPnDweQfKJ3lvu4UPW1a7KGinIzVCLxuxlA9jxnt52Mdqijb%2FnYpR%2FsZ5jlPVaInGGvjxGIkxhCeH50Rczi80P5%2B1CJBZRa2expw3zG%2B6euD0dw7jDcysylrZD9Aci7k491QHl7jJANGQUePjuiWHitYi9EZ7nogXwvPnftMKQ3epZpmvae%2FcXVk31hUssDI91SN2mXPzE7IqT9920NNHOstfyHHK%2BeIJROe6gEOgWJOpyyB2MVu7bF1yIbNyc%2FrmbXKoLvoNa4XydihyoG64L5JlfWNaXgzhXVvyFiufiFWfx52MDki4COuYn1Fjhg3SaFACqAdu2wqYTpSU5jX8wgaWj173ANCFQf9oddUUo3Wt%2B0MlKza5BXrnIqcTIV%2Bmub07rKq97v0gGDYdDT1%2FaQwNeDHk%2FzzPd3n5RV3TaKrj5EIy%2FAtfs%2F93z87Wr42OcOxf60TnPK4zF5kAuF0115g6Q4DTb%2FFN96HLJjsgQfwMKMmP7gQVIDQz%2FTzVVRxYjenCljhoqA5i3KNj3TdXXxi2H64MA4nx7ECKbrZ0gtboGG5toIRv74OUvSVHgmeF5pyRrzxRERfKaUEqhFGRUwXEmusyBOiR8qS57mq23avVEhwsSOCKIOO2LGUhP7hVRdIGSDT8dDQbmNUmGREqI2r9zTxJhgVRXaXqH5bHUEfwAAZX7jcndfB0xbTnzHphQ0MvRdu%2BxhIlopL2lhhWK6fpP6ETrGLpHNpiXZdz2p0w8s92I5cbZe7TGFxKklRiPDURXw0lZKq20QrRrpoqy6OnnQeYTU6CCFzTBTVqEh0p5ma0GsL7EcTpVV3YdAY9IM%2BQjUr1qFnPP4UYjeCgAjLD5RcMqMN6x2rAGOrABNQ9a5Q3XBVYzN9FIVYF%2BNlhAP%2BepLAaWpOSHKZMTDQVIdu7xn2X87Tr3Csr0Zl4sDe1jps4wE0MtL%2FizpFJ8hhyaLBqBaUzi05wDSBdGHDuQLEhvuTaZ346diksHNYoCR3sI5ozgSaN4CSYunZx%2F4S%2BfLwgNDE5jOEAZ%2BmUBZphyOQtTWK9G7r7HI2VZrainXhhFSkxX%2FmYWE2DwSOv4qRX%2BEhWRViX5KMw7trKQfVI%3D&X-Amz-SignedHeaders=host&X-Amz-Signature=bb276b73c84a6d2955c26cda68768df8e05807c7eae1c5fe5a86fc2fcdbd69e3",
      "url": "https://hackerone.com/ibb",
      "id": "Z2lkOi8vaGFja2Vyb25lL0VuZ2FnZW1lbnRzOjpCdWdCb3VudHlQcm9ncmFtLzU0MzQ5",
      "currency": "usd",
      "__typename": "Team"
    },
    "total_awarded_amount": 560,
    "latest_disclosable_action": "Activities::ReportBecamePublic",
    "latest_disclosable_activity_at": "2024-03-29T19:20:56.838Z",
    "submitted_at": "2024-03-27T16:39:44.486Z",
    "disclosed": true,
    "has_collaboration": false
  },
  {
    "__typename": "CompleteHacktivityReportDocument",
    "id": "Z2lkOi8vaGFja2Vyb25lL0NvbXBsZXRlSGFja3Rpdml0eVJlcG9ydEluZGV4LzI0MzcxMzE=",
    "_id": "2437131",
    "reporter": {
      "id": "Z2lkOi8vaGFja2Vyb25lL1VzZXIvNTkxMDM3",
      "name": "Dan Fandrich",
      "username": "dfandrich",
      "__typename": "User"
    },
    "cve_ids": [
      "CVE-2024-2004"
    ],
    "cwe": "Cleartext Transmission of Sensitive Information",
    "severity_rating": "Low",
    "upvoted": null,
    "public": true,
    "report": {
      "id": "Z2lkOi8vaGFja2Vyb25lL1JlcG9ydC8yNDM3MTMx",
      "databaseId": "2437131",
      "title": "Usage of disabled protocol in curl",
      "substate": "resolved",
      "url": "https://hackerone.com/reports/2437131",
      "disclosed_at": "2024-03-29T18:31:08.016Z",
      "report_generated_content": {
        "id": "Z2lkOi8vaGFja2Vyb25lL1JlcG9ydEdlbmVyYXRlZENvbnRlbnQvNzI3Mg==",
        "hacktivity_summary": "CVE-2024-2004 was a vulnerability in the usage of disabled protocols in curl. When a protocol selection parameter option disabled all protocols without adding any, the default set of protocols remained in the allowed set due to an error in the logic for removing protocols. This flaw was assessed to be of low severity by the curl security team.",
        "__typename": "ReportGeneratedContent"
      },
      "__typename": "Report"
    },
    "votes": 24,
    "team": {
      "handle": "ibb",
      "name": "Internet Bug Bounty",
      "medium_profile_picture": "https://hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com/variants/v0qywgoh5hm4cbhuanu8mqdtowhr/5136ed9b2fa7c4d4abbf39fb971047c62d98ec4740a88eb55d7e26373250a937?response-content-disposition=inline%3B%20filename%3D%22ibb%20revision%205%20copy.png%22%3B%20filename%2A%3DUTF-8%27%27ibb%2520revision%25205%2520copy.png&response-content-type=image%2Fpng&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=ASIAQGK6FURQ62ZAC6VW%2F20240410%2Fus-west-2%2Fs3%2Faws4_request&X-Amz-Date=20240410T163402Z&X-Amz-Expires=3600&X-Amz-Security-Token=IQoJb3JpZ2luX2VjEPb%2F%2F%2F%2F%2F%2F%2F%2F%2F%2FwEaCXVzLXdlc3QtMiJHMEUCIQCslF5MN5XvArXdGPY7A8WzqHUCClAijwzibDvulZ1HKQIgSSfTCeqdnH7Ahp2dV3tNwvFWIS8r3bkoQjvKMVvJD0UqsgUILhADGgwwMTM2MTkyNzQ4NDkiDPBvof7VTnhSc2weDSqPBTjmA3QTdf556xEsHqPpTMJReULxCbUwvoqwVnxgLfEJkKODC3k6tF1q59FdJQsM%2FUela3Psct70FDaYKvGOrVuHwbWULGq%2FXoQWbcl0u9aLMmB3HhuIPldh%2Fx9M9qLFzXlAwNXssH7UuA7kkHCErGcAt0H9J1e8nr6s0HgpISGtGt0g8v3Cr3XCBFSw6Rn9LvLiOLSOSk292o5sgL5VV7r85QNedFx0gEVx4wn%2B7M9%2B4tdgqWYRFoDq4aUSS35zoSqevY7o2DQ%2FXfBSE2XrlOEhJpnRe2pyShFRq11OWxVnxBjvlkmS91mnZh3DM9wvePER2FZ16cA1RRHNpxrP0P%2Fu0wkZ71l87G%2FRVnv5OcslCQHzJLkM%2Fr3Ubkmt1RwR3KIZWrtc%2BwHsSq6n2cERJC5qiryR0goW%2Fg%2FGElAdLpbw9upjC8MSjciRhYM03p75EpIK97azFsMllNVEIi7seuPW5Lrcvgynw3nJYgbyZq9sAGjPdqUDeG9JcAjBEhIrRsWqEpfeLcaD4x02r%2BIVNNLPaWHeHwAlGrsk%2FoeUbjqvfKccZoditp37O6ijNF1sWeZSzeozx2ls%2B%2B0vlbaaKHOBucMCSan4mbAmIXOL4oXh5RlXlY%2BbHv2UBlvi0faaVSGjAR2Xb79qol5xA3igSW%2Fdkb%2Fc4OsfiUx1Aml5pkXAShrerpbfiBVvwz9emZa%2BcUD6Bg%2FRiXIavgTHjiDqsqt3LrsnVJfKVOJqgt%2FMM6mIiEkHGtusIwxrKaaf3UVAlV5wJXtEP0aW3WYYweRghVEcxB2FzErjCFf6w6Nb5yjOAWa69woXJ3Z7kV8xwQOCAyQ%2FIJl6D2DP2c67MMgDN5koZB8gdHR17SxXT7%2F24CAwoKTasAY6sQG0rjeVRG6%2FYoT9xB6C6E6BEP4M3KYQ9YL6vDA2d075yn8CcOBtB3oOYv5G4PerijbAsZYTgHAnTyUuXY5FfmcbkBygyq36Pz%2F3RF7dzxqejbibDRicf56tW8jZsVPhk88vkFeRvN4KXfqA%2FlTy%2F%2B3US9nPYhHwAw3HGbnn%2BrZklfHtE5YssJw6kesDPu7tgsmknsdjXxKizF1BTpmoOz3hRzhGOEnta89MmInAhwpiOSA%3D&X-Amz-SignedHeaders=host&X-Amz-Signature=3e7d8a22068f54c889ede5e0e012887eca098147d2005147e109402b5b40d801",
      "url": "https://hackerone.com/ibb",
      "id": "Z2lkOi8vaGFja2Vyb25lL0VuZ2FnZW1lbnRzOjpCdWdCb3VudHlQcm9ncmFtLzU0MzQ5",
      "currency": "usd",
      "__typename": "Team"
    },
    "total_awarded_amount": 560,
    "latest_disclosable_action": "Activities::ReportBecamePublic",
    "latest_disclosable_activity_at": "2024-03-29T18:31:08.984Z",
    "submitted_at": "2024-03-27T18:16:38.575Z",
    "disclosed": true,
    "has_collaboration": false
  },
  {
    "__typename": "CompleteHacktivityReportDocument",
    "id": "Z2lkOi8vaGFja2Vyb25lL0NvbXBsZXRlSGFja3Rpdml0eVJlcG9ydEluZGV4LzIzMTA2MjA=",
    "_id": "2310620",
    "reporter": {
      "id": "Z2lkOi8vaGFja2Vyb25lL1VzZXIvMTQ5NTQ3Ng==",
      "name": "bml0ZXNoIHBhdGVsCg==",
      "username": "nitsec7",
      "__typename": "User"
    },
    "cve_ids": [],
    "cwe": "Information Disclosure",
    "severity_rating": "Medium",
    "upvoted": null,
    "public": true,
    "report": {
      "id": "Z2lkOi8vaGFja2Vyb25lL1JlcG9ydC8yMzEwNjIw",
      "databaseId": "2310620",
      "title": "New Hacktivity features:Bounty rewards leakage Where programs doesn’t decide to disclose bounty in limited disclosure report",
      "substate": "resolved",
      "url": "https://hackerone.com/reports/2310620",
      "disclosed_at": "2024-03-28T11:27:32.680Z",
      "report_generated_content": {
        "id": "Z2lkOi8vaGFja2Vyb25lL1JlcG9ydEdlbmVyYXRlZENvbnRlbnQvNzI2OQ==",
        "hacktivity_summary": "The report describes a vulnerability where users could access hidden bounty information on the HackerOne Hacktivity page. Specifically, by using a filter to search for reports with a specific total awarded amount, the actual bounty amount was revealed, even if the program chose to limit the disclosure. This allowed unauthorized access to sensitive bounty details that programs intended to keep private.",
        "__typename": "ReportGeneratedContent"
      },
      "__typename": "Report"
    },
    "votes": 75,
    "team": {
      "handle": "security",
      "name": "HackerOne",
      "medium_profile_picture": "https://profile-photos.hackerone-user-content.com/variants/000/000/013/fa942b9b1cbf4faf37482bf68458e1195aab9c02_original.png/5136ed9b2fa7c4d4abbf39fb971047c62d98ec4740a88eb55d7e26373250a937",
      "url": "https://hackerone.com/security",
      "id": "Z2lkOi8vaGFja2Vyb25lL0VuZ2FnZW1lbnRzOjpCdWdCb3VudHlQcm9ncmFtLzEz",
      "currency": "usd",
      "__typename": "Team"
    },
    "total_awarded_amount": null,
    "latest_disclosable_action": "Activities::ReportBecamePublic",
    "latest_disclosable_activity_at": "2024-03-28T11:27:32.972Z",
    "submitted_at": "2024-01-10T07:10:41.233Z",
    "disclosed": true,
    "has_collaboration": false
  },
  {
    "__typename": "CompleteHacktivityReportDocument",
    "id": "Z2lkOi8vaGFja2Vyb25lL0NvbXBsZXRlSGFja3Rpdml0eVJlcG9ydEluZGV4LzIzNTI2NzY=",
    "_id": "2352676",
    "reporter": {
      "id": "Z2lkOi8vaGFja2Vyb25lL1VzZXIvNzkyNjc4",
      "name": "yilz",
      "username": "iylz",
      "__typename": "User"
    },
    "cve_ids": [],
    "cwe": "Insufficiently Protected Credentials",
    "severity_rating": "Medium",
    "upvoted": null,
    "public": true,
    "report": {
      "id": "Z2lkOi8vaGFja2Vyb25lL1JlcG9ydC8yMzUyNjc2",
      "databaseId": "2352676",
      "title": "cookie is sent on redirect",
      "substate": "not-applicable",
      "url": "https://hackerone.com/reports/2352676",
      "disclosed_at": "2024-03-28T08:56:28.173Z",
      "report_generated_content": null,
      "__typename": "Report"
    },
    "votes": 23,
    "team": {
      "handle": "curl",
      "name": "curl",
      "medium_profile_picture": "https://profile-photos.hackerone-user-content.com/variants/000/035/663/2faf4c279d437d64bfda6d23d62ce1833813a4d9_original.png/5136ed9b2fa7c4d4abbf39fb971047c62d98ec4740a88eb55d7e26373250a937",
      "url": "https://hackerone.com/curl",
      "id": "Z2lkOi8vaGFja2Vyb25lL0VuZ2FnZW1lbnRzOjpCdWdCb3VudHlQcm9ncmFtLzM1NjYz",
      "currency": "usd",
      "__typename": "Team"
    },
    "total_awarded_amount": null,
    "latest_disclosable_action": "Activities::ReportBecamePublic",
    "latest_disclosable_activity_at": "2024-03-28T08:56:28.333Z",
    "submitted_at": "2024-02-02T09:26:50.071Z",
    "disclosed": true,
    "has_collaboration": false
  },
  {
    "__typename": "CompleteHacktivityReportDocument",
    "id": "Z2lkOi8vaGFja2Vyb25lL0NvbXBsZXRlSGFja3Rpdml0eVJlcG9ydEluZGV4LzIzODQ4MzM=",
    "_id": "2384833",
    "reporter": {
      "id": "Z2lkOi8vaGFja2Vyb25lL1VzZXIvNTkxMDM3",
      "name": "Dan Fandrich",
      "username": "dfandrich",
      "__typename": "User"
    },
    "cve_ids": [
      "CVE-2024-2004"
    ],
    "cwe": "Misinterpretation of Input",
    "severity_rating": "Low",
    "upvoted": null,
    "public": true,
    "report": {
      "id": "Z2lkOi8vaGFja2Vyb25lL1JlcG9ydC8yMzg0ODMz",
      "databaseId": "2384833",
      "title": "CVE-2024-2004: Usage of disabled protocol",
      "substate": "resolved",
      "url": "https://hackerone.com/reports/2384833",
      "disclosed_at": "2024-03-27T17:48:56.893Z",
      "report_generated_content": {
        "id": "Z2lkOi8vaGFja2Vyb25lL1JlcG9ydEdlbmVyYXRlZENvbnRlbnQvNzI2OA==",
        "hacktivity_summary": "The usage of the disabled protocol in some circumstances with the `--proto` option can enable all protocols after being given `-all`, potentially leading to sending sensitive data over an unencrypted channel. The vulnerability was introduced in version 7.85.0 of curl when the string-based protocol selection was added. The issue was caused by the failure in curl's mechanism to prevent the unencrypted transfer of data.",
        "__typename": "ReportGeneratedContent"
      },
      "__typename": "Report"
    },
    "votes": 27,
    "team": {
      "handle": "curl",
      "name": "curl",
      "medium_profile_picture": "https://profile-photos.hackerone-user-content.com/variants/000/035/663/2faf4c279d437d64bfda6d23d62ce1833813a4d9_original.png/5136ed9b2fa7c4d4abbf39fb971047c62d98ec4740a88eb55d7e26373250a937",
      "url": "https://hackerone.com/curl",
      "id": "Z2lkOi8vaGFja2Vyb25lL0VuZ2FnZW1lbnRzOjpCdWdCb3VudHlQcm9ncmFtLzM1NjYz",
      "currency": "usd",
      "__typename": "Team"
    },
    "total_awarded_amount": null,
    "latest_disclosable_action": "Activities::ReportBecamePublic",
    "latest_disclosable_activity_at": "2024-03-27T17:48:58.329Z",
    "submitted_at": "2024-02-21T19:56:12.137Z",
    "disclosed": true,
    "has_collaboration": false
  },
  {
    "__typename": "CompleteHacktivityReportDocument",
    "id": "Z2lkOi8vaGFja2Vyb25lL0NvbXBsZXRlSGFja3Rpdml0eVJlcG9ydEluZGV4LzIzNDEwNjM=",
    "_id": "2341063",
    "reporter": {
      "id": "Z2lkOi8vaGFja2Vyb25lL1VzZXIvMjQ3Mzk2Nw==",
      "name": "Hiroki Kurosawa",
      "username": "kurohiro",
      "__typename": "User"
    },
    "cve_ids": [
      "CVE-2024-0853"
    ],
    "cwe": null,
    "severity_rating": "Low",
    "upvoted": null,
    "public": true,
    "report": {
      "id": "Z2lkOi8vaGFja2Vyb25lL1JlcG9ydC8yMzQxMDYz",
      "databaseId": "2341063",
      "title": "CVE-2024-0853: OCSP verification bypass with TLS session reuse",
      "substate": "resolved",
      "url": "https://hackerone.com/reports/2341063",
      "disclosed_at": "2024-03-27T17:36:56.236Z",
      "report_generated_content": {
        "id": "Z2lkOi8vaGFja2Vyb25lL1JlcG9ydEdlbmVyYXRlZENvbnRlbnQvNzI2Nw==",
        "hacktivity_summary": "CVE-2024-0853 was a vulnerability in the cURL library where OCSP verification was bypassed when reusing a TLS session. The vulnerability was caused by cURL inadvertently keeping the SSL session ID in its cache even when the OCSP stapling verification failed. This allowed subsequent transfers to the same hostname to succeed without verifying the certificate status, as the session ID cache was still fresh. The issue was limited to cURL built with OpenSSL and using TLS 1.2, and was patched in version 8.6.0.",
        "__typename": "ReportGeneratedContent"
      },
      "__typename": "Report"
    },
    "votes": 20,
    "team": {
      "handle": "ibb",
      "name": "Internet Bug Bounty",
      "medium_profile_picture": "https://hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com/variants/v0qywgoh5hm4cbhuanu8mqdtowhr/5136ed9b2fa7c4d4abbf39fb971047c62d98ec4740a88eb55d7e26373250a937?response-content-disposition=inline%3B%20filename%3D%22ibb%20revision%205%20copy.png%22%3B%20filename%2A%3DUTF-8%27%27ibb%2520revision%25205%2520copy.png&response-content-type=image%2Fpng&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=ASIAQGK6FURQRQG4MGRH%2F20240410%2Fus-west-2%2Fs3%2Faws4_request&X-Amz-Date=20240410T163501Z&X-Amz-Expires=3600&X-Amz-Security-Token=IQoJb3JpZ2luX2VjEPX%2F%2F%2F%2F%2F%2F%2F%2F%2F%2FwEaCXVzLXdlc3QtMiJHMEUCIFwQ5ycoauvnrADaRAzfgaLkY2QywdIOc1A0uP9pjRSjAiEA%2Fwk3S4j6A%2FpJhyUct5xbiqCObmhNjX3VB5%2FVjil%2FwAsqsgUILhADGgwwMTM2MTkyNzQ4NDkiDCd%2F6fL312hQ5UjLWyqPBULhVFERxz%2FGbqlyV%2B4svsJKQRJz4b9OZ%2FAqchBSXn4rOuvZcz9AXJ3Wa2d3zAPFb3UekCBrpGZpkxGtqKFZjXP9naPhKK0PPp44NgEvQODATPNKNTcbU28D9WwvkVqNqtW%2BxCATlX9DdCn0rvLmHCR0fTj6f7usjEAO8i86kc3OoOmQ8SOa42tmwGXcprik9Iiw%2Fark3hnVyZ0gkfkMEmEVMwfbLQWZvfu3mtDkyX8Rbz4XiZTyzwF3h8m0c6hSqDNkSE55U4j%2BC0MGnT%2Fd54QP5H1CuWJa8%2BLWRrb2CQuHybJL%2FLOgbLORh%2Bi3Gz%2BSLxT19ly4nDLWlY6oxp2aesyGDoMCc8N6AXJApSMwVQ6ONkTq9V%2FiQBsVpgwDUBXs3v%2BSwHeAlN8bLtX6V9uHk%2BniZfQikmeDIMPmKCFTOu5FN8E0tLd44iIV3lx%2FfMWDkD5hR74rrS9YQKqxx5Z2cd5lAfG4sJCNSiNNLirc0akSnQJUAiyPElOD4u5SVWDM%2BlsBaCY3AOoHQOyq9BzIiHGnmQiBxxw%2B1%2FuDmNWEbZ8dy0g5L4PI12TjUEPVW9nX4boxyVq0vAKaLDtO07NMRTe5LDIVaBPB8LbTV9SnJWKGO1OhAsysnrFAyEKZ9pnVcaYDp4KYuaYdcfMKY4UvSM8HvJf1ZuSt3KvMya7m4QunvCygCqDExzhNdoSu52jFjaGnOfrZqnLgRTEBdbfK5gmgNsfl2ui0C%2F%2BOTuUxNHSmpHplgrl5W3BqrZ4pyt8J4fB0J5iocct%2Fm6mJXeFkcmMlAOFeQJERYJ728OGXiLJiTE5Lbqx%2B9gCZsFKai%2FYdLid0rIk%2FgwNYOHbu1QnM72w%2Bg70W9WC7BSR%2FSCr1zpAw%2BaDasAY6sQHX6Z3CDVSkMrb%2FQ3%2BUNIDgrLAn2kyfneiEMl%2FRmvQYCII2QdqvPVBYUUG4xtMCzGDOuDtVfk6wxDpTaPwSPToZvGXemJdGL%2FLwPyS%2BvGArC04xuzDiw3InMsV7SbudGc0oGpzybhwt3pfIhLovnz1g7Hyw1k9BqV4puwfR0M8mKS6KOJ1kYc3UWYz1raaCd7%2FsrerzCWoAgmJPSI2Al2VNz3Y0SDdmThkx3Pr1AKHORWo%3D&X-Amz-SignedHeaders=host&X-Amz-Signature=1b95a2954fddcb4a863aa908f8fc549f7c024820c77b2285d1f9250c154396c9",
      "url": "https://hackerone.com/ibb",
      "id": "Z2lkOi8vaGFja2Vyb25lL0VuZ2FnZW1lbnRzOjpCdWdCb3VudHlQcm9ncmFtLzU0MzQ5",
      "currency": "usd",
      "__typename": "Team"
    },
    "total_awarded_amount": null,
    "latest_disclosable_action": "Activities::ReportBecamePublic",
    "latest_disclosable_activity_at": "2024-03-27T17:37:00.027Z",
    "submitted_at": "2024-01-31T13:23:36.330Z",
    "disclosed": true,
    "has_collaboration": false
  },
  {
    "__typename": "CompleteHacktivityReportDocument",
    "id": "Z2lkOi8vaGFja2Vyb25lL0NvbXBsZXRlSGFja3Rpdml0eVJlcG9ydEluZGV4LzI0MDI4NTM=",
    "_id": "2402853",
    "reporter": {
      "id": "Z2lkOi8vaGFja2Vyb25lL1VzZXIvMjU0ODY0NQ==",
      "name": "w0x42",
      "username": "w0x42",
      "__typename": "User"
    },
    "cve_ids": [],
    "cwe": "Uncontrolled Resource Consumption",
    "severity_rating": "Medium",
    "upvoted": null,
    "public": true,
    "report": {
      "id": "Z2lkOi8vaGFja2Vyb25lL1JlcG9ydC8yNDAyODUz",
      "databaseId": "2402853",
      "title": "HTTP/2 PUSH_PROMISE DoS",
      "substate": "informative",
      "url": "https://hackerone.com/reports/2402853",
      "disclosed_at": "2024-03-27T10:53:44.183Z",
      "report_generated_content": null,
      "__typename": "Report"
    },
    "votes": 18,
    "team": {
      "handle": "curl",
      "name": "curl",
      "medium_profile_picture": "https://profile-photos.hackerone-user-content.com/variants/000/035/663/2faf4c279d437d64bfda6d23d62ce1833813a4d9_original.png/5136ed9b2fa7c4d4abbf39fb971047c62d98ec4740a88eb55d7e26373250a937",
      "url": "https://hackerone.com/curl",
      "id": "Z2lkOi8vaGFja2Vyb25lL0VuZ2FnZW1lbnRzOjpCdWdCb3VudHlQcm9ncmFtLzM1NjYz",
      "currency": "usd",
      "__typename": "Team"
    },
    "total_awarded_amount": null,
    "latest_disclosable_action": "Activities::ReportBecamePublic",
    "latest_disclosable_activity_at": "2024-03-27T10:53:47.081Z",
    "submitted_at": "2024-03-05T17:05:32.731Z",
    "disclosed": true,
    "has_collaboration": false
  },
  {
    "__typename": "CompleteHacktivityReportDocument",
    "id": "Z2lkOi8vaGFja2Vyb25lL0NvbXBsZXRlSGFja3Rpdml0eVJlcG9ydEluZGV4LzI0MTY3MjU=",
    "_id": "2416725",
    "reporter": {
      "id": "Z2lkOi8vaGFja2Vyb25lL1VzZXIvMzE0MzU1NA==",
      "name": "frankyueh",
      "username": "frankyueh",
      "__typename": "User"
    },
    "cve_ids": [
      "CVE-2016-3739",
      "CVE-2013-4545",
      "CVE-2013-6422",
      "CVE-2014-0139",
      "CVE-2014-1263",
      "CVE-2014-2522",
      "CVE-2014-8151",
      "CVE-2024-2466"
    ],
    "cwe": "Improper Validation of Certificate with Host Mismatch",
    "severity_rating": "Medium",
    "upvoted": null,
    "public": true,
    "report": {
      "id": "Z2lkOi8vaGFja2Vyb25lL1JlcG9ydC8yNDE2NzI1",
      "databaseId": "2416725",
      "title": "CVE-2024-2466: TLS certificate check bypass with mbedTLS",
      "substate": "resolved",
      "url": "https://hackerone.com/reports/2416725",
      "disclosed_at": "2024-03-27T10:44:42.575Z",
      "report_generated_content": {
        "id": "Z2lkOi8vaGFja2Vyb25lL1JlcG9ydEdlbmVyYXRlZENvbnRlbnQvNzI2Ng==",
        "hacktivity_summary": "The Curl library had a security vulnerability where the certificate name check was bypassed when connecting to a host via its IP address. This could have potentially introduced spoofing attacks or unauthorized access due to unverified server certificate. The issue affected Curl with MbedTLS from versions 8.5.0 to 8.6.0.",
        "__typename": "ReportGeneratedContent"
      },
      "__typename": "Report"
    },
    "votes": 14,
    "team": {
      "handle": "curl",
      "name": "curl",
      "medium_profile_picture": "https://profile-photos.hackerone-user-content.com/variants/000/035/663/2faf4c279d437d64bfda6d23d62ce1833813a4d9_original.png/5136ed9b2fa7c4d4abbf39fb971047c62d98ec4740a88eb55d7e26373250a937",
      "url": "https://hackerone.com/curl",
      "id": "Z2lkOi8vaGFja2Vyb25lL0VuZ2FnZW1lbnRzOjpCdWdCb3VudHlQcm9ncmFtLzM1NjYz",
      "currency": "usd",
      "__typename": "Team"
    },
    "total_awarded_amount": null,
    "latest_disclosable_action": "Activities::ReportBecamePublic",
    "latest_disclosable_activity_at": "2024-03-27T10:44:42.825Z",
    "submitted_at": "2024-03-14T14:38:37.627Z",
    "disclosed": true,
    "has_collaboration": false
  },
  {
    "__typename": "CompleteHacktivityReportDocument",
    "id": "Z2lkOi8vaGFja2Vyb25lL0NvbXBsZXRlSGFja3Rpdml0eVJlcG9ydEluZGV4LzI0MDI4NDU=",
    "_id": "2402845",
    "reporter": {
      "id": "Z2lkOi8vaGFja2Vyb25lL1VzZXIvMjU0ODY0NQ==",
      "name": "w0x42",
      "username": "w0x42",
      "__typename": "User"
    },
    "cve_ids": [
      "CVE-2024-2398"
    ],
    "cwe": "Uncontrolled Resource Consumption",
    "severity_rating": "Medium",
    "upvoted": null,
    "public": true,
    "report": {
      "id": "Z2lkOi8vaGFja2Vyb25lL1JlcG9ydC8yNDAyODQ1",
      "databaseId": "2402845",
      "title": "CVE-2024-2398: HTTP/2 push headers memory-leak",
      "substate": "resolved",
      "url": "https://hackerone.com/reports/2402845",
      "disclosed_at": "2024-03-27T10:33:14.061Z",
      "report_generated_content": {
        "id": "Z2lkOi8vaGFja2Vyb25lL1JlcG9ydEdlbmVyYXRlZENvbnRlbnQvNzI2NQ==",
        "hacktivity_summary": "CVE-2024-2398 was a memory-leak vulnerability in the HTTP/2 push headers implementation of libcurl. For each incoming PUSH_PROMISE header, a new string was allocated and stored in an array. When the number of headers exceeded a threshold, libcurl freed the array but forgot to free the individual string elements, leading to a memory leak. This could be triggered by a malicious server continuously sending PUSH_PROMISE frames with over 1000 headers, eventually consuming all available memory.",
        "__typename": "ReportGeneratedContent"
      },
      "__typename": "Report"
    },
    "votes": 10,
    "team": {
      "handle": "curl",
      "name": "curl",
      "medium_profile_picture": "https://profile-photos.hackerone-user-content.com/variants/000/035/663/2faf4c279d437d64bfda6d23d62ce1833813a4d9_original.png/5136ed9b2fa7c4d4abbf39fb971047c62d98ec4740a88eb55d7e26373250a937",
      "url": "https://hackerone.com/curl",
      "id": "Z2lkOi8vaGFja2Vyb25lL0VuZ2FnZW1lbnRzOjpCdWdCb3VudHlQcm9ncmFtLzM1NjYz",
      "currency": "usd",
      "__typename": "Team"
    },
    "total_awarded_amount": null,
    "latest_disclosable_action": "Activities::ReportBecamePublic",
    "latest_disclosable_activity_at": "2024-03-27T10:33:14.254Z",
    "submitted_at": "2024-03-05T16:56:33.627Z",
    "disclosed": true,
    "has_collaboration": false
  },
  {
    "__typename": "CompleteHacktivityReportDocument",
    "id": "Z2lkOi8vaGFja2Vyb25lL0NvbXBsZXRlSGFja3Rpdml0eVJlcG9ydEluZGV4LzI0MTA3NzQ=",
    "_id": "2410774",
    "reporter": {
      "id": "Z2lkOi8vaGFja2Vyb25lL1VzZXIvMzEzOTM4Nw==",
      "name": "Dexter Gerig",
      "username": "fullmetal5",
      "__typename": "User"
    },
    "cve_ids": [
      "CVE-2024-2379"
    ],
    "cwe": "Improper Certificate Validation",
    "severity_rating": "Low",
    "upvoted": null,
    "public": true,
    "report": {
      "id": "Z2lkOi8vaGFja2Vyb25lL1JlcG9ydC8yNDEwNzc0",
      "databaseId": "2410774",
      "title": "CVE-2024-2379: QUIC certificate check bypass with wolfSSL",
      "substate": "resolved",
      "url": "https://hackerone.com/reports/2410774",
      "disclosed_at": "2024-03-27T07:37:36.622Z",
      "report_generated_content": {
        "id": "Z2lkOi8vaGFja2Vyb25lL1JlcG9ydEdlbmVyYXRlZENvbnRlbnQvNzI2NA==",
        "hacktivity_summary": "The vulnerability in `vquic-tls.c` in the `curl_wssl_init_ctx` function allowed for a certificate check bypass when using the WolfSSL backend. The error handling was not properly implemented, resulting in a potential bypass of the certificate verification requirements.",
        "__typename": "ReportGeneratedContent"
      },
      "__typename": "Report"
    },
    "votes": 8,
    "team": {
      "handle": "curl",
      "name": "curl",
      "medium_profile_picture": "https://profile-photos.hackerone-user-content.com/variants/000/035/663/2faf4c279d437d64bfda6d23d62ce1833813a4d9_original.png/5136ed9b2fa7c4d4abbf39fb971047c62d98ec4740a88eb55d7e26373250a937",
      "url": "https://hackerone.com/curl",
      "id": "Z2lkOi8vaGFja2Vyb25lL0VuZ2FnZW1lbnRzOjpCdWdCb3VudHlQcm9ncmFtLzM1NjYz",
      "currency": "usd",
      "__typename": "Team"
    },
    "total_awarded_amount": null,
    "latest_disclosable_action": "Activities::ReportBecamePublic",
    "latest_disclosable_activity_at": "2024-03-27T07:37:36.891Z",
    "submitted_at": "2024-03-10T21:32:06.455Z",
    "disclosed": true,
    "has_collaboration": false
  },
  {
    "__typename": "CompleteHacktivityReportDocument",
    "id": "Z2lkOi8vaGFja2Vyb25lL0NvbXBsZXRlSGFja3Rpdml0eVJlcG9ydEluZGV4LzI0MzM2MzQ=",
    "_id": "2433634",
    "reporter": {
      "id": "Z2lkOi8vaGFja2Vyb25lL1VzZXIvMTQ4MDM1NQ==",
      "name": "Aviv Keller",
      "username": "redyetihacks",
      "__typename": "User"
    },
    "cve_ids": [],
    "cwe": "Cross-site Scripting (XSS) - DOM",
    "severity_rating": "Medium",
    "upvoted": null,
    "public": true,
    "report": {
      "id": "Z2lkOi8vaGFja2Vyb25lL1JlcG9ydC8yNDMzNjM0",
      "databaseId": "2433634",
      "title": "XSS in GOCD Analytics Plugin",
      "substate": "resolved",
      "url": "https://hackerone.com/reports/2433634",
      "disclosed_at": "2024-03-27T01:47:30.965Z",
      "report_generated_content": {
        "id": "Z2lkOi8vaGFja2Vyb25lL1JlcG9ydEdlbmVyYXRlZENvbnRlbnQvNzI2Mg==",
        "hacktivity_summary": "The vulnerability was discovered in the GOCD Analytics Plugin, specifically in the info-message.js file. The vulnerability allowed for Cross-Site Scripting (XSS) attacks by injecting malicious code through the `?msg=` parameter. The vulnerable code failed to properly sanitize the user-supplied input, leading to the injection of arbitrary HTML and JavaScript into the affected page.",
        "__typename": "ReportGeneratedContent"
      },
      "__typename": "Report"
    },
    "votes": 16,
    "team": {
      "handle": "gocd",
      "name": "GoCD",
      "medium_profile_picture": "https://profile-photos.hackerone-user-content.com/variants/000/013/559/870f3bcab332d087cde7b75fe2922e93615e3f78_original./5136ed9b2fa7c4d4abbf39fb971047c62d98ec4740a88eb55d7e26373250a937",
      "url": "https://hackerone.com/gocd",
      "id": "Z2lkOi8vaGFja2Vyb25lL0VuZ2FnZW1lbnRzOjpWdWxuZXJhYmlsaXR5RGlzY2xvc3VyZVByb2dyYW0vMTM1NTk=",
      "currency": "usd",
      "__typename": "Team"
    },
    "total_awarded_amount": null,
    "latest_disclosable_action": "Activities::ReportBecamePublic",
    "latest_disclosable_activity_at": "2024-03-27T01:47:31.146Z",
    "submitted_at": "2024-03-25T18:10:29.474Z",
    "disclosed": true,
    "has_collaboration": false
  },
  {
    "__typename": "CompleteHacktivityReportDocument",
    "id": "Z2lkOi8vaGFja2Vyb25lL0NvbXBsZXRlSGFja3Rpdml0eVJlcG9ydEluZGV4LzIyNTczNzQ=",
    "_id": "2257374",
    "reporter": {
      "id": "Z2lkOi8vaGFja2Vyb25lL1VzZXIvMjk3NjI4OQ==",
      "name": "David",
      "username": "itsdavid",
      "__typename": "User"
    },
    "cve_ids": [],
    "cwe": "Business Logic Errors",
    "severity_rating": "Low",
    "upvoted": null,
    "public": true,
    "report": {
      "id": "Z2lkOi8vaGFja2Vyb25lL1JlcG9ydC8yMjU3Mzc0",
      "databaseId": "2257374",
      "title": "Bypassing x profile verification to receive instant blue checkmark and unlimited profile changes",
      "substate": "resolved",
      "url": "https://hackerone.com/reports/2257374",
      "disclosed_at": "2024-03-26T20:02:21.448Z",
      "report_generated_content": {
        "id": "Z2lkOi8vaGFja2Vyb25lL1JlcG9ydEdlbmVyYXRlZENvbnRlbnQvNzI2MQ==",
        "hacktivity_summary": "The vulnerability allowed users to bypass the profile verification process on X by upgrading and downgrading their plan immediately after changing their profile picture. This permitted continuous profile picture changes without review.",
        "__typename": "ReportGeneratedContent"
      },
      "__typename": "Report"
    },
    "votes": 30,
    "team": {
      "handle": "x",
      "name": "X (Formerly Twitter)",
      "medium_profile_picture": "https://profile-photos.hackerone-user-content.com/variants/ikx4ept298unt534kpz4am2bd4zs/f4a495c04fdb224bac8ec64587537e511aa8c4925e7955bee0a19e0ed7d891dc",
      "url": "https://hackerone.com/x",
      "id": "Z2lkOi8vaGFja2Vyb25lL0VuZ2FnZW1lbnRzOjpCdWdCb3VudHlQcm9ncmFtLzYx",
      "currency": "usd",
      "__typename": "Team"
    },
    "total_awarded_amount": 250,
    "latest_disclosable_action": "Activities::ReportBecamePublic",
    "latest_disclosable_activity_at": "2024-03-26T20:02:23.820Z",
    "submitted_at": "2023-11-19T20:50:41.601Z",
    "disclosed": true,
    "has_collaboration": false
  },
  {
    "__typename": "CompleteHacktivityReportDocument",
    "id": "Z2lkOi8vaGFja2Vyb25lL0NvbXBsZXRlSGFja3Rpdml0eVJlcG9ydEluZGV4LzI0MDQ0MTU=",
    "_id": "2404415",
    "reporter": {
      "id": "Z2lkOi8vaGFja2Vyb25lL1VzZXIvMjg0NDk2NA==",
      "name": "0verw4tch",
      "username": "0verw4tch",
      "__typename": "User"
    },
    "cve_ids": [],
    "cwe": "Information Disclosure",
    "severity_rating": "Critical",
    "upvoted": null,
    "public": true,
    "report": {
      "id": "Z2lkOi8vaGFja2Vyb25lL1JlcG9ydC8yNDA0NDE1",
      "databaseId": "2404415",
      "title": "View any user email using the Team's audit log section",
      "substate": "duplicate",
      "url": "https://hackerone.com/reports/2404415",
      "disclosed_at": "2024-03-26T14:00:46.469Z",
      "report_generated_content": null,
      "__typename": "Report"
    },
    "votes": 40,
    "team": {
      "handle": "security",
      "name": "HackerOne",
      "medium_profile_picture": "https://profile-photos.hackerone-user-content.com/variants/000/000/013/fa942b9b1cbf4faf37482bf68458e1195aab9c02_original.png/5136ed9b2fa7c4d4abbf39fb971047c62d98ec4740a88eb55d7e26373250a937",
      "url": "https://hackerone.com/security",
      "id": "Z2lkOi8vaGFja2Vyb25lL0VuZ2FnZW1lbnRzOjpCdWdCb3VudHlQcm9ncmFtLzEz",
      "currency": "usd",
      "__typename": "Team"
    },
    "total_awarded_amount": null,
    "latest_disclosable_action": "Activities::ReportBecamePublic",
    "latest_disclosable_activity_at": "2024-03-26T14:00:46.897Z",
    "submitted_at": "2024-03-06T17:33:02.738Z",
    "disclosed": true,
    "has_collaboration": false
  },
  {
    "__typename": "CompleteHacktivityReportDocument",
    "id": "Z2lkOi8vaGFja2Vyb25lL0NvbXBsZXRlSGFja3Rpdml0eVJlcG9ydEluZGV4LzIzODIxMjA=",
    "_id": "2382120",
    "reporter": {
      "id": "Z2lkOi8vaGFja2Vyb25lL1VzZXIvMjg0NDk2NA==",
      "name": "0verw4tch",
      "username": "0verw4tch",
      "__typename": "User"
    },
    "cve_ids": [],
    "cwe": "Information Disclosure",
    "severity_rating": "Critical",
    "upvoted": null,
    "public": true,
    "report": {
      "id": "Z2lkOi8vaGFja2Vyb25lL1JlcG9ydC8yMzgyMTIw",
      "databaseId": "2382120",
      "title": "Creation of bounties through Customer API leads to private email disclosure",
      "substate": "resolved",
      "url": "https://hackerone.com/reports/2382120",
      "disclosed_at": "2024-03-26T13:10:59.472Z",
      "report_generated_content": {
        "id": "Z2lkOi8vaGFja2Vyb25lL1JlcG9ydEdlbmVyYXRlZENvbnRlbnQvNzI2MA==",
        "hacktivity_summary": "The creation of bounties through the Customer API led to the disclosure of private email addresses. The vulnerability was demonstrated by using both the API and GraphQL requests to award a program bounty to a user, which then exposed the email address of that user in the response.",
        "__typename": "ReportGeneratedContent"
      },
      "__typename": "Report"
    },
    "votes": 47,
    "team": {
      "handle": "security",
      "name": "HackerOne",
      "medium_profile_picture": "https://profile-photos.hackerone-user-content.com/variants/000/000/013/fa942b9b1cbf4faf37482bf68458e1195aab9c02_original.png/5136ed9b2fa7c4d4abbf39fb971047c62d98ec4740a88eb55d7e26373250a937",
      "url": "https://hackerone.com/security",
      "id": "Z2lkOi8vaGFja2Vyb25lL0VuZ2FnZW1lbnRzOjpCdWdCb3VudHlQcm9ncmFtLzEz",
      "currency": "usd",
      "__typename": "Team"
    },
    "total_awarded_amount": null,
    "latest_disclosable_action": "Activities::ReportBecamePublic",
    "latest_disclosable_activity_at": "2024-03-26T13:11:00.191Z",
    "submitted_at": "2024-02-20T16:22:43.419Z",
    "disclosed": true,
    "has_collaboration": false
  },
  {
    "__typename": "CompleteHacktivityReportDocument",
    "id": "Z2lkOi8vaGFja2Vyb25lL0NvbXBsZXRlSGFja3Rpdml0eVJlcG9ydEluZGV4LzIyOTQ5MzA=",
    "_id": "2294930",
    "reporter": {
      "id": "Z2lkOi8vaGFja2Vyb25lL1VzZXIvMjM0MTk5Nw==",
      "name": "Oxylis",
      "username": "oxylis",
      "__typename": "User"
    },
    "cve_ids": [],
    "cwe": "Cleartext Storage of Sensitive Information",
    "severity_rating": "Critical",
    "upvoted": null,
    "public": true,
    "report": {
      "id": "Z2lkOi8vaGFja2Vyb25lL1JlcG9ydC8yMjk0OTMw",
      "databaseId": "2294930",
      "title": "███ leaking PII of tour visitors (names, email addresses, phone numbers) via misconfigured record permissions",
      "substate": "resolved",
      "url": "https://hackerone.com/reports/2294930",
      "disclosed_at": "2024-03-22T17:55:12.446Z",
      "report_generated_content": {
        "id": "Z2lkOi8vaGFja2Vyb25lL1JlcG9ydEdlbmVyYXRlZENvbnRlbnQvNzI1OQ==",
        "hacktivity_summary": "The ████████ portal was found to be leaking sensitive personal information, including full names, email addresses, and phone numbers of its users. The issue was caused by a misconfiguration that allowed registered users to access records of other users, potentially exposing the data of hundreds of thousands of individuals.",
        "__typename": "ReportGeneratedContent"
      },
      "__typename": "Report"
    },
    "votes": 78,
    "team": {
      "handle": "deptofdefense",
      "name": "U.S. Dept Of Defense",
      "medium_profile_picture": "https://profile-photos.hackerone-user-content.com/variants/000/016/064/46cd0286b1fa224aaa2cb9dfaaca9fa22b5b80b2_original.png/5136ed9b2fa7c4d4abbf39fb971047c62d98ec4740a88eb55d7e26373250a937",
      "url": "https://hackerone.com/deptofdefense",
      "id": "Z2lkOi8vaGFja2Vyb25lL0VuZ2FnZW1lbnRzOjpWdWxuZXJhYmlsaXR5RGlzY2xvc3VyZVByb2dyYW0vMTYwNjQ=",
      "currency": "usd",
      "__typename": "Team"
    },
    "total_awarded_amount": null,
    "latest_disclosable_action": "Activities::ReportBecamePublic",
    "latest_disclosable_activity_at": "2024-03-22T17:55:12.537Z",
    "submitted_at": "2023-12-22T03:08:41.886Z",
    "disclosed": true,
    "has_collaboration": false
  },
  {
    "__typename": "CompleteHacktivityReportDocument",
    "id": "Z2lkOi8vaGFja2Vyb25lL0NvbXBsZXRlSGFja3Rpdml0eVJlcG9ydEluZGV4LzIzMzQ0MjA=",
    "_id": "2334420",
    "reporter": {
      "id": "Z2lkOi8vaGFja2Vyb25lL1VzZXIvODQ3NjA4",
      "name": "Tomi García",
      "username": "archyxsec",
      "__typename": "User"
    },
    "cve_ids": [],
    "cwe": "Improper Authentication - Generic",
    "severity_rating": "High",
    "upvoted": null,
    "public": true,
    "report": {
      "id": "Z2lkOi8vaGFja2Vyb25lL1JlcG9ydC8yMzM0NDIw",
      "databaseId": "2334420",
      "title": "Improper Authentication (Login without Registration with any user) at ████",
      "substate": "resolved",
      "url": "https://hackerone.com/reports/2334420",
      "disclosed_at": "2024-03-22T17:50:41.409Z",
      "report_generated_content": {
        "id": "Z2lkOi8vaGFja2Vyb25lL1JlcG9ydEdlbmVyYXRlZENvbnRlbnQvNzI1OA==",
        "hacktivity_summary": "The ████ system was vulnerable to an improper authentication issue. Attackers could log in as any user without registration by exploiting the **signin** parameter in the ██████████ endpoint. This allowed them to authenticate and change the session of a victim to any other user.",
        "__typename": "ReportGeneratedContent"
      },
      "__typename": "Report"
    },
    "votes": 49,
    "team": {
      "handle": "deptofdefense",
      "name": "U.S. Dept Of Defense",
      "medium_profile_picture": "https://profile-photos.hackerone-user-content.com/variants/000/016/064/46cd0286b1fa224aaa2cb9dfaaca9fa22b5b80b2_original.png/5136ed9b2fa7c4d4abbf39fb971047c62d98ec4740a88eb55d7e26373250a937",
      "url": "https://hackerone.com/deptofdefense",
      "id": "Z2lkOi8vaGFja2Vyb25lL0VuZ2FnZW1lbnRzOjpWdWxuZXJhYmlsaXR5RGlzY2xvc3VyZVByb2dyYW0vMTYwNjQ=",
      "currency": "usd",
      "__typename": "Team"
    },
    "total_awarded_amount": null,
    "latest_disclosable_action": "Activities::ReportBecamePublic",
    "latest_disclosable_activity_at": "2024-03-22T17:50:41.513Z",
    "submitted_at": "2024-01-25T13:29:10.107Z",
    "disclosed": true,
    "has_collaboration": false
  },
  {
    "__typename": "CompleteHacktivityReportDocument",
    "id": "Z2lkOi8vaGFja2Vyb25lL0NvbXBsZXRlSGFja3Rpdml0eVJlcG9ydEluZGV4LzIzNTMxODU=",
    "_id": "2353185",
    "reporter": {
      "id": "Z2lkOi8vaGFja2Vyb25lL1VzZXIvMjQxNjU5Mw==",
      "name": "william",
      "username": "chor4o",
      "__typename": "User"
    },
    "cve_ids": [],
    "cwe": "Cross-site Scripting (XSS) - Reflected",
    "severity_rating": "Medium",
    "upvoted": null,
    "public": true,
    "report": {
      "id": "Z2lkOi8vaGFja2Vyb25lL1JlcG9ydC8yMzUzMTg1",
      "databaseId": "2353185",
      "title": "Xss  - ███",
      "substate": "resolved",
      "url": "https://hackerone.com/reports/2353185",
      "disclosed_at": "2024-03-22T17:47:21.719Z",
      "report_generated_content": {
        "id": "Z2lkOi8vaGFja2Vyb25lL1JlcG9ydEdlbmVyYXRlZENvbnRlbnQvNzI1Nw==",
        "hacktivity_summary": "The parameter 'goal[1][Costs]' was vulnerable to cross-site scripting (XSS) attack. The vulnerability allowed the attacker to inject malicious JavaScript code into the application, which could be executed by the users viewing the report.",
        "__typename": "ReportGeneratedContent"
      },
      "__typename": "Report"
    },
    "votes": 40,
    "team": {
      "handle": "deptofdefense",
      "name": "U.S. Dept Of Defense",
      "medium_profile_picture": "https://profile-photos.hackerone-user-content.com/variants/000/016/064/46cd0286b1fa224aaa2cb9dfaaca9fa22b5b80b2_original.png/5136ed9b2fa7c4d4abbf39fb971047c62d98ec4740a88eb55d7e26373250a937",
      "url": "https://hackerone.com/deptofdefense",
      "id": "Z2lkOi8vaGFja2Vyb25lL0VuZ2FnZW1lbnRzOjpWdWxuZXJhYmlsaXR5RGlzY2xvc3VyZVByb2dyYW0vMTYwNjQ=",
      "currency": "usd",
      "__typename": "Team"
    },
    "total_awarded_amount": null,
    "latest_disclosable_action": "Activities::ReportBecamePublic",
    "latest_disclosable_activity_at": "2024-03-22T17:47:21.837Z",
    "submitted_at": "2024-02-02T21:16:35.025Z",
    "disclosed": true,
    "has_collaboration": false
  },
  {
    "__typename": "CompleteHacktivityReportDocument",
    "id": "Z2lkOi8vaGFja2Vyb25lL0NvbXBsZXRlSGFja3Rpdml0eVJlcG9ydEluZGV4LzIwMTQ5NTU=",
    "_id": "2014955",
    "reporter": {
      "id": "Z2lkOi8vaGFja2Vyb25lL1VzZXIvMTIyMDA2NA==",
      "name": "Alhasan Mohamed",
      "username": "maxdha",
      "__typename": "User"
    },
    "cve_ids": [],
    "cwe": "Cross-site Scripting (XSS) - Reflected",
    "severity_rating": "Low",
    "upvoted": null,
    "public": true,
    "report": {
      "id": "Z2lkOi8vaGFja2Vyb25lL1JlcG9ydC8yMDE0OTU1",
      "databaseId": "2014955",
      "title": "#1 XSS on watchdocs.indriverapp.com",
      "substate": "resolved",
      "url": "https://hackerone.com/reports/2014955",
      "disclosed_at": "2024-04-11T09:01:27.222Z",
      "report_generated_content": {
        "id": "Z2lkOi8vaGFja2Vyb25lL1JlcG9ydEdlbmVyYXRlZENvbnRlbnQvNzI5Nw==",
        "hacktivity_summary": "The security vulnerability found on watchdocs.indriverapp.com allowed for cross-site scripting (XSS) attacks. The vulnerability was triggered by crafting a specific URL that executed arbitrary JavaScript code when accessed by users.",
        "__typename": "ReportGeneratedContent"
      },
      "__typename": "Report"
    },
    "votes": 8,
    "team": {
      "handle": "indrive",
      "name": "inDrive",
      "medium_profile_picture": "https://profile-photos.hackerone-user-content.com/variants/765s9sszvp9zyt9qwkeaa52vvkf3/5136ed9b2fa7c4d4abbf39fb971047c62d98ec4740a88eb55d7e26373250a937",
      "url": "https://hackerone.com/indrive",
      "id": "Z2lkOi8vaGFja2Vyb25lL0VuZ2FnZW1lbnRzOjpCdWdCb3VudHlQcm9ncmFtLzU4ODU3",
      "currency": "usd",
      "__typename": "Team"
    },
    "total_awarded_amount": 100,
    "latest_disclosable_action": "Activities::ReportBecamePublic",
    "latest_disclosable_activity_at": "2024-04-11T09:01:27.410Z",
    "submitted_at": "2023-06-06T17:18:15.473Z",
    "disclosed": true,
    "has_collaboration": false
  },
  {
    "__typename": "CompleteHacktivityReportDocument",
    "id": "Z2lkOi8vaGFja2Vyb25lL0NvbXBsZXRlSGFja3Rpdml0eVJlcG9ydEluZGV4LzIwMTUwNzQ=",
    "_id": "2015074",
    "reporter": {
      "id": "Z2lkOi8vaGFja2Vyb25lL1VzZXIvMTIyMDA2NA==",
      "name": "Alhasan Mohamed",
      "username": "maxdha",
      "__typename": "User"
    },
    "cve_ids": [],
    "cwe": "Cross-site Scripting (XSS) - Reflected",
    "severity_rating": null,
    "upvoted": null,
    "public": true,
    "report": {
      "id": "Z2lkOi8vaGFja2Vyb25lL1JlcG9ydC8yMDE1MDc0",
      "databaseId": "2015074",
      "title": "#2 XSS on watchdocs.indriverapp.com",
      "substate": "resolved",
      "url": "https://hackerone.com/reports/2015074",
      "disclosed_at": "2024-04-11T08:33:21.051Z",
      "report_generated_content": {
        "id": "Z2lkOi8vaGFja2Vyb25lL1JlcG9ydEdlbmVyYXRlZENvbnRlbnQvNzI5Ng==",
        "hacktivity_summary": "An XSS vulnerability was discovered on watchdocs.indriverapp.com. The vulnerability allowed execution of JavaScript on the user's browser.",
        "__typename": "ReportGeneratedContent"
      },
      "__typename": "Report"
    },
    "votes": 7,
    "team": {
      "handle": "indrive",
      "name": "inDrive",
      "medium_profile_picture": "https://profile-photos.hackerone-user-content.com/variants/765s9sszvp9zyt9qwkeaa52vvkf3/5136ed9b2fa7c4d4abbf39fb971047c62d98ec4740a88eb55d7e26373250a937",
      "url": "https://hackerone.com/indrive",
      "id": "Z2lkOi8vaGFja2Vyb25lL0VuZ2FnZW1lbnRzOjpCdWdCb3VudHlQcm9ncmFtLzU4ODU3",
      "currency": "usd",
      "__typename": "Team"
    },
    "total_awarded_amount": 100,
    "latest_disclosable_action": "Activities::ReportBecamePublic",
    "latest_disclosable_activity_at": "2024-04-11T08:33:21.296Z",
    "submitted_at": "2023-06-06T20:12:30.611Z",
    "disclosed": true,
    "has_collaboration": false
  },
  {
    "__typename": "CompleteHacktivityReportDocument",
    "id": "Z2lkOi8vaGFja2Vyb25lL0NvbXBsZXRlSGFja3Rpdml0eVJlcG9ydEluZGV4LzIwMjgyNjU=",
    "_id": "2028265",
    "reporter": {
      "id": "Z2lkOi8vaGFja2Vyb25lL1VzZXIvMTIyMDA2NA==",
      "name": "Alhasan Mohamed",
      "username": "maxdha",
      "__typename": "User"
    },
    "cve_ids": [],
    "cwe": "Cross-site Scripting (XSS) - Reflected",
    "severity_rating": "Low",
    "upvoted": null,
    "public": true,
    "report": {
      "id": "Z2lkOi8vaGFja2Vyb25lL1JlcG9ydC8yMDI4MjY1",
      "databaseId": "2028265",
      "title": "#3 XSS on watchdocs.indriverapp.com",
      "substate": "resolved",
      "url": "https://hackerone.com/reports/2028265",
      "disclosed_at": "2024-04-11T08:33:03.409Z",
      "report_generated_content": {
        "id": "Z2lkOi8vaGFja2Vyb25lL1JlcG9ydEdlbmVyYXRlZENvbnRlbnQvNzI5NQ==",
        "hacktivity_summary": "A cross-site scripting (XSS) vulnerability was discovered on the watchdocs.indriverapp.com website. The vulnerability allowed an attacker to execute arbitrary JavaScript code in the victim's browser by injecting malicious input into the URL parameters.",
        "__typename": "ReportGeneratedContent"
      },
      "__typename": "Report"
    },
    "votes": 6,
    "team": {
      "handle": "indrive",
      "name": "inDrive",
      "medium_profile_picture": "https://profile-photos.hackerone-user-content.com/variants/765s9sszvp9zyt9qwkeaa52vvkf3/5136ed9b2fa7c4d4abbf39fb971047c62d98ec4740a88eb55d7e26373250a937",
      "url": "https://hackerone.com/indrive",
      "id": "Z2lkOi8vaGFja2Vyb25lL0VuZ2FnZW1lbnRzOjpCdWdCb3VudHlQcm9ncmFtLzU4ODU3",
      "currency": "usd",
      "__typename": "Team"
    },
    "total_awarded_amount": 234,
    "latest_disclosable_action": "Activities::ReportBecamePublic",
    "latest_disclosable_activity_at": "2024-04-11T08:33:03.578Z",
    "submitted_at": "2023-06-16T01:50:00.169Z",
    "disclosed": true,
    "has_collaboration": false
  },
  {
    "__typename": "CompleteHacktivityReportDocument",
    "id": "Z2lkOi8vaGFja2Vyb25lL0NvbXBsZXRlSGFja3Rpdml0eVJlcG9ydEluZGV4LzIyMjMwNDE=",
    "_id": "2223041",
    "reporter": {
      "id": "Z2lkOi8vaGFja2Vyb25lL1VzZXIvMTMxMjI2NQ==",
      "name": "ahmadalzuriqi ",
      "username": "fo00x",
      "__typename": "User"
    },
    "cve_ids": [],
    "cwe": "Improper Authentication - Generic",
    "severity_rating": "Medium",
    "upvoted": null,
    "public": true,
    "report": {
      "id": "Z2lkOi8vaGFja2Vyb25lL1JlcG9ydC8yMjIzMDQx",
      "databaseId": "2223041",
      "title": "Unprotected Atlantis Server at https://152.70.█.█",
      "substate": "resolved",
      "url": "https://hackerone.com/reports/2223041",
      "disclosed_at": "2024-04-11T02:44:55.174Z",
      "report_generated_content": {
        "id": "Z2lkOi8vaGFja2Vyb25lL1JlcG9ydEdlbmVyYXRlZENvbnRlbnQvNzI5NA==",
        "hacktivity_summary": "The Atlantis test server at https://152.70.█.█ was found to be exposed without protection. Atlantis is an application used to automate Terraform via pull requests. The issue was identified and resolved by restricting access to the Atlantis service.",
        "__typename": "ReportGeneratedContent"
      },
      "__typename": "Report"
    },
    "votes": 4,
    "team": {
      "handle": "8x8",
      "name": "8x8",
      "medium_profile_picture": "https://profile-photos.hackerone-user-content.com/variants/000/032/665/6299e752b6c0a29c3438dc907e8d836e590576f5_original.png/5136ed9b2fa7c4d4abbf39fb971047c62d98ec4740a88eb55d7e26373250a937",
      "url": "https://hackerone.com/8x8",
      "id": "Z2lkOi8vaGFja2Vyb25lL0VuZ2FnZW1lbnRzOjpWdWxuZXJhYmlsaXR5RGlzY2xvc3VyZVByb2dyYW0vMzI2NjU=",
      "currency": "usd",
      "__typename": "Team"
    },
    "total_awarded_amount": null,
    "latest_disclosable_action": "Activities::ReportBecamePublic",
    "latest_disclosable_activity_at": "2024-04-11T02:44:55.342Z",
    "submitted_at": "2023-10-23T21:34:02.303Z",
    "disclosed": true,
    "has_collaboration": false
  },
  {
    "__typename": "CompleteHacktivityReportDocument",
    "id": "Z2lkOi8vaGFja2Vyb25lL0NvbXBsZXRlSGFja3Rpdml0eVJlcG9ydEluZGV4LzI0NTMzMjI=",
    "_id": "2453322",
    "reporter": {
      "id": "Z2lkOi8vaGFja2Vyb25lL1VzZXIvMTU0",
      "name": "Bartek Nowotarski",
      "username": "bart",
      "__typename": "User"
    },
    "cve_ids": [
      "CVE-2024-27316"
    ],
    "cwe": "Uncontrolled Resource Consumption",
    "severity_rating": "Medium",
    "upvoted": null,
    "public": true,
    "report": {
      "id": "Z2lkOi8vaGFja2Vyb25lL1JlcG9ydC8yNDUzMzIy",
      "databaseId": "2453322",
      "title": "Apache HTTP Server: HTTP/2 DoS by memory exhaustion on endless continuation frames",
      "substate": "resolved",
      "url": "https://hackerone.com/reports/2453322",
      "disclosed_at": "2024-04-24T18:29:50.989Z",
      "report_generated_content": {
        "id": "Z2lkOi8vaGFja2Vyb25lL1JlcG9ydEdlbmVyYXRlZENvbnRlbnQvNzMxMw==",
        "hacktivity_summary": "The Apache HTTP Server vulnerability CVE-2024-27316 was recently discovered. HTTP/2 incoming headers exceeding the limit were temporarily buffered in nghttp2 to generate an HTTP 413 response. However, if the client did not stop sending headers, this led to memory exhaustion. The vulnerability was reported by Bartek Nowotarski.",
        "__typename": "ReportGeneratedContent"
      },
      "__typename": "Report"
    },
    "votes": 2,
    "team": {
      "handle": "ibb",
      "name": "Internet Bug Bounty",
      "medium_profile_picture": "https://hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com/variants/v0qywgoh5hm4cbhuanu8mqdtowhr/5136ed9b2fa7c4d4abbf39fb971047c62d98ec4740a88eb55d7e26373250a937?response-content-disposition=inline%3B%20filename%3D%22ibb%20revision%205%20copy.png%22%3B%20filename%2A%3DUTF-8%27%27ibb%2520revision%25205%2520copy.png&response-content-type=image%2Fpng&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=ASIAQGK6FURQ6QFDS5WY%2F20240424%2Fus-west-2%2Fs3%2Faws4_request&X-Amz-Date=20240424T190601Z&X-Amz-Expires=3600&X-Amz-Security-Token=IQoJb3JpZ2luX2VjEEsaCXVzLXdlc3QtMiJIMEYCIQDPH2PcxxDKKEtBHZIw4IpujA2LRubY9w8a44MuVGsHngIhAOs17eCaJAyn8IKzcaBLMujdu6U8aytca5FPdryE7DHAKrsFCJT%2F%2F%2F%2F%2F%2F%2F%2F%2F%2FwEQAxoMMDEzNjE5Mjc0ODQ5IgwK2%2FqccbxGxqpq0TAqjwXF6uud0Vn%2FRJMMlITRNXmF9c7g73811jpBUNAx65iO0nRxd81ojU1wppwn44WqQL174tjzLtTXM2L4kGXkD%2BQKXIZDITv6QSSkeohXndJBl57JvvlkF%2FnQiG%2Bi4llC%2B6X6YwR3WGE4n7k2jzMlzOMKbTPwwSWwPytsb0WAhUSeaqUxN81KSdSzbNe%2BdwllaJdvMd5qXar50dF1tz222Pz12Q%2B4D37XrboLRuL07NvSZ8GphuWZuHhIiQdY29OGjNSBp6x7oqBeOlZFz86pgVcRuwf6xuPcCheHx%2FcfCaIoFMtqGObiIyVZE0H92mCxgPzCzvTCvKXsddGNpMqiMxEeNdQCoRuxMUoWCZAtf2UC0o8oQg%2FtnxXCAgScNgNoi6bpN86VVbU3v2fD1F9U4nrqmLK65UJrWq9Gsi%2BC25xvOUhB82ovH9Wfi2fdp3U1z7rqZTxbgW7ovfw6CiXc8H1LNNvb1uMG0KN%2BmfzOa3j09RLahzF4er05O1QwXjm1QpkaqCjU%2Bq8FRy%2B6jS%2BxdGgyn3Rl83VH1KuSA1R21tzpjjDA%2FN5ZoaqITlVicT6P96n9ZsDBqviImSA3Jp0F1Z4r8tO1ThHuZ5OepfkKuzi99pFru7KkR2tBtqPJD2hKk%2Bsx25%2Fkf9t4%2BqrGTFZKTxzWes2haSYwtqQgwQw1Y%2B1hRe98i9%2Fy3yxYwg91G45uVdgz48dXCt1D%2FEIACPkaq3o8hEvaclWlduop2xZK89%2FOjMR2IF%2BccGo9t%2FtdU48q7IqG9mb%2FtShJqogFSD%2B6oh7nd32H3G0%2F3TUxnXwjt0oamOQ6Z1ShiwBxQi5KvaiGsan%2FBJbrgOVhlIrXPAfXAOy98irWX62csmII7lKx3zkkMM%2BdpbEGOrAB42QyywzBn0nTErayvfMM0tPiesP0PEqs7I%2FV%2BpNl0HhPpSQ6qcXHFP5L0al4jZUY4t2q9uj8UTGy0%2FQtSqjXYB1HqiPoGwmXecFCJLJ7wGSKFwqOAxwkRnXdbXVCE%2B328E3D3sbNspsCJpUxW%2F2BqgC29mQ8bLr3L%2FZW0Iy6O9OZwG7bVPLSAneIIRuDKaZXIOWEy1JPU3GgO2WMaCyFJ9TzurDDW2Bn6DudkMDerOI%3D&X-Amz-SignedHeaders=host&X-Amz-Signature=9b47bab0c3066089f3a6005cc42bb8e456b3f2ccab9004eec412444c95274ae9",
      "url": "https://hackerone.com/ibb",
      "id": "Z2lkOi8vaGFja2Vyb25lL0VuZ2FnZW1lbnRzOjpCdWdCb3VudHlQcm9ncmFtLzU0MzQ5",
      "currency": "usd",
      "__typename": "Team"
    },
    "total_awarded_amount": 2580,
    "latest_disclosable_action": "Activities::ReportBecamePublic",
    "latest_disclosable_activity_at": "2024-04-24T18:29:51.961Z",
    "submitted_at": "2024-04-08T20:33:40.580Z",
    "disclosed": true,
    "has_collaboration": false
  },
  {
    "__typename": "CompleteHacktivityReportDocument",
    "id": "Z2lkOi8vaGFja2Vyb25lL0NvbXBsZXRlSGFja3Rpdml0eVJlcG9ydEluZGV4LzIwOTA5NjQ=",
    "_id": "2090964",
    "reporter": {
      "id": "Z2lkOi8vaGFja2Vyb25lL1VzZXIvMjY5NjY4NQ==",
      "name": "hasan sheet",
      "username": "hassan_sheet",
      "__typename": "User"
    },
    "cve_ids": [],
    "cwe": "Cross-site Scripting (XSS) - Reflected",
    "severity_rating": "Medium",
    "upvoted": null,
    "public": true,
    "report": {
      "id": "Z2lkOi8vaGFja2Vyb25lL1JlcG9ydC8yMDkwOTY0",
      "databaseId": "2090964",
      "title": "RXSS in hidden parameter",
      "substate": "resolved",
      "url": "https://hackerone.com/reports/2090964",
      "disclosed_at": "2024-04-23T13:48:32.123Z",
      "report_generated_content": {
        "id": "Z2lkOi8vaGFja2Vyb25lL1JlcG9ydEdlbmVyYXRlZENvbnRlbnQvNzMxMg==",
        "hacktivity_summary": "RXSS in hidden parameter was reported to IBM, analyzed, and has been remediated. The vulnerability was a reflected cross-site scripting issue found in a hidden parameter.",
        "__typename": "ReportGeneratedContent"
      },
      "__typename": "Report"
    },
    "votes": 20,
    "team": {
      "handle": "ibm",
      "name": "IBM",
      "medium_profile_picture": "https://profile-photos.hackerone-user-content.com/variants/000/002/060/c9c3633edc1081446038c76237344b51696334da_original.jpg/f4a495c04fdb224bac8ec64587537e511aa8c4925e7955bee0a19e0ed7d891dc",
      "url": "https://hackerone.com/ibm",
      "id": "Z2lkOi8vaGFja2Vyb25lL0VuZ2FnZW1lbnRzOjpWdWxuZXJhYmlsaXR5RGlzY2xvc3VyZVByb2dyYW0vMjA2MA==",
      "currency": "usd",
      "__typename": "Team"
    },
    "total_awarded_amount": null,
    "latest_disclosable_action": "Activities::ReportBecamePublic",
    "latest_disclosable_activity_at": "2024-04-23T13:48:32.203Z",
    "submitted_at": "2023-07-31T18:54:06.529Z",
    "disclosed": true,
    "has_collaboration": false
  },
  {
    "__typename": "CompleteHacktivityReportDocument",
    "id": "Z2lkOi8vaGFja2Vyb25lL0NvbXBsZXRlSGFja3Rpdml0eVJlcG9ydEluZGV4LzI0Njc5OTk=",
    "_id": "2467999",
    "reporter": {
      "id": "Z2lkOi8vaGFja2Vyb25lL1VzZXIvMjU4NA==",
      "name": "Griffin",
      "username": "griffinf",
      "__typename": "User"
    },
    "cve_ids": [],
    "cwe": "Insecure Storage of Sensitive Information",
    "severity_rating": "Critical",
    "upvoted": null,
    "public": true,
    "report": {
      "id": "Z2lkOi8vaGFja2Vyb25lL1JlcG9ydC8yNDY3OTk5",
      "databaseId": "2467999",
      "title": "Jira Credential Disclosure within Mozilla Slack",
      "substate": "resolved",
      "url": "https://hackerone.com/reports/2467999",
      "disclosed_at": "2024-04-23T12:13:25.734Z",
      "report_generated_content": {
        "id": "Z2lkOi8vaGFja2Vyb25lL1JlcG9ydEdlbmVyYXRlZENvbnRlbnQvNzMxMQ==",
        "hacktivity_summary": "The Jira admin API keys were disclosed within a Mozilla Slack channel by a staff member. The exposed credentials allowed for the verification of the user's elevated privileges, including being a Jira Administrator, Administrator, and Jira Service Desk user.",
        "__typename": "ReportGeneratedContent"
      },
      "__typename": "Report"
    },
    "votes": 21,
    "team": {
      "handle": "mozilla_core_services",
      "name": "Mozilla",
      "medium_profile_picture": "https://profile-photos.hackerone-user-content.com/variants/0p8e6gg8xoy45dhjxs5wh4iti6k8/5136ed9b2fa7c4d4abbf39fb971047c62d98ec4740a88eb55d7e26373250a937",
      "url": "https://hackerone.com/mozilla_core_services",
      "id": "Z2lkOi8vaGFja2Vyb25lL0VuZ2FnZW1lbnRzOjpCdWdCb3VudHlQcm9ncmFtLzYxMjM2",
      "currency": "usd",
      "__typename": "Team"
    },
    "total_awarded_amount": null,
    "latest_disclosable_action": "Activities::ReportBecamePublic",
    "latest_disclosable_activity_at": "2024-04-23T12:13:25.872Z",
    "submitted_at": "2024-04-17T17:46:50.781Z",
    "disclosed": true,
    "has_collaboration": false
  },
  {
    "__typename": "CompleteHacktivityReportDocument",
    "id": "Z2lkOi8vaGFja2Vyb25lL0NvbXBsZXRlSGFja3Rpdml0eVJlcG9ydEluZGV4LzI0NDI2MTM=",
    "_id": "2442613",
    "reporter": {
      "id": "Z2lkOi8vaGFja2Vyb25lL1VzZXIvMjU0ODY0NQ==",
      "name": "w0x42",
      "username": "w0x42",
      "__typename": "User"
    },
    "cve_ids": [
      "CVE-2024-2398"
    ],
    "cwe": null,
    "severity_rating": "Medium",
    "upvoted": null,
    "public": true,
    "report": {
      "id": "Z2lkOi8vaGFja2Vyb25lL1JlcG9ydC8yNDQyNjEz",
      "databaseId": "2442613",
      "title": "CVE-2024-2398: HTTP/2 push headers memory-leak",
      "substate": "resolved",
      "url": "https://hackerone.com/reports/2442613",
      "disclosed_at": "2024-04-22T19:53:50.452Z",
      "report_generated_content": {
        "id": "Z2lkOi8vaGFja2Vyb25lL1JlcG9ydEdlbmVyYXRlZENvbnRlbnQvNzMwOQ==",
        "hacktivity_summary": "A memory leak was found in libcurl when handling HTTP/2 push headers. The vulnerability was caused by libcurl's failure to properly release the allocated memory when aborting a server push due to the maximum allowed limit being exceeded. This could lead to denial of service due to memory exhaustion.",
        "__typename": "ReportGeneratedContent"
      },
      "__typename": "Report"
    },
    "votes": 21,
    "team": {
      "handle": "ibb",
      "name": "Internet Bug Bounty",
      "medium_profile_picture": "https://hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com/variants/v0qywgoh5hm4cbhuanu8mqdtowhr/5136ed9b2fa7c4d4abbf39fb971047c62d98ec4740a88eb55d7e26373250a937?response-content-disposition=inline%3B%20filename%3D%22ibb%20revision%205%20copy.png%22%3B%20filename%2A%3DUTF-8%27%27ibb%2520revision%25205%2520copy.png&response-content-type=image%2Fpng&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=ASIAQGK6FURQ6QFDS5WY%2F20240424%2Fus-west-2%2Fs3%2Faws4_request&X-Amz-Date=20240424T190601Z&X-Amz-Expires=3600&X-Amz-Security-Token=IQoJb3JpZ2luX2VjEEsaCXVzLXdlc3QtMiJIMEYCIQDPH2PcxxDKKEtBHZIw4IpujA2LRubY9w8a44MuVGsHngIhAOs17eCaJAyn8IKzcaBLMujdu6U8aytca5FPdryE7DHAKrsFCJT%2F%2F%2F%2F%2F%2F%2F%2F%2F%2FwEQAxoMMDEzNjE5Mjc0ODQ5IgwK2%2FqccbxGxqpq0TAqjwXF6uud0Vn%2FRJMMlITRNXmF9c7g73811jpBUNAx65iO0nRxd81ojU1wppwn44WqQL174tjzLtTXM2L4kGXkD%2BQKXIZDITv6QSSkeohXndJBl57JvvlkF%2FnQiG%2Bi4llC%2B6X6YwR3WGE4n7k2jzMlzOMKbTPwwSWwPytsb0WAhUSeaqUxN81KSdSzbNe%2BdwllaJdvMd5qXar50dF1tz222Pz12Q%2B4D37XrboLRuL07NvSZ8GphuWZuHhIiQdY29OGjNSBp6x7oqBeOlZFz86pgVcRuwf6xuPcCheHx%2FcfCaIoFMtqGObiIyVZE0H92mCxgPzCzvTCvKXsddGNpMqiMxEeNdQCoRuxMUoWCZAtf2UC0o8oQg%2FtnxXCAgScNgNoi6bpN86VVbU3v2fD1F9U4nrqmLK65UJrWq9Gsi%2BC25xvOUhB82ovH9Wfi2fdp3U1z7rqZTxbgW7ovfw6CiXc8H1LNNvb1uMG0KN%2BmfzOa3j09RLahzF4er05O1QwXjm1QpkaqCjU%2Bq8FRy%2B6jS%2BxdGgyn3Rl83VH1KuSA1R21tzpjjDA%2FN5ZoaqITlVicT6P96n9ZsDBqviImSA3Jp0F1Z4r8tO1ThHuZ5OepfkKuzi99pFru7KkR2tBtqPJD2hKk%2Bsx25%2Fkf9t4%2BqrGTFZKTxzWes2haSYwtqQgwQw1Y%2B1hRe98i9%2Fy3yxYwg91G45uVdgz48dXCt1D%2FEIACPkaq3o8hEvaclWlduop2xZK89%2FOjMR2IF%2BccGo9t%2FtdU48q7IqG9mb%2FtShJqogFSD%2B6oh7nd32H3G0%2F3TUxnXwjt0oamOQ6Z1ShiwBxQi5KvaiGsan%2FBJbrgOVhlIrXPAfXAOy98irWX62csmII7lKx3zkkMM%2BdpbEGOrAB42QyywzBn0nTErayvfMM0tPiesP0PEqs7I%2FV%2BpNl0HhPpSQ6qcXHFP5L0al4jZUY4t2q9uj8UTGy0%2FQtSqjXYB1HqiPoGwmXecFCJLJ7wGSKFwqOAxwkRnXdbXVCE%2B328E3D3sbNspsCJpUxW%2F2BqgC29mQ8bLr3L%2FZW0Iy6O9OZwG7bVPLSAneIIRuDKaZXIOWEy1JPU3GgO2WMaCyFJ9TzurDDW2Bn6DudkMDerOI%3D&X-Amz-SignedHeaders=host&X-Amz-Signature=9b47bab0c3066089f3a6005cc42bb8e456b3f2ccab9004eec412444c95274ae9",
      "url": "https://hackerone.com/ibb",
      "id": "Z2lkOi8vaGFja2Vyb25lL0VuZ2FnZW1lbnRzOjpCdWdCb3VudHlQcm9ncmFtLzU0MzQ5",
      "currency": "usd",
      "__typename": "Team"
    },
    "total_awarded_amount": 2580,
    "latest_disclosable_action": "Activities::ReportBecamePublic",
    "latest_disclosable_activity_at": "2024-04-22T19:53:51.740Z",
    "submitted_at": "2024-03-31T20:25:18.020Z",
    "disclosed": true,
    "has_collaboration": false
  },
  {
    "__typename": "CompleteHacktivityReportDocument",
    "id": "Z2lkOi8vaGFja2Vyb25lL0NvbXBsZXRlSGFja3Rpdml0eVJlcG9ydEluZGV4LzIzMzQ0MDE=",
    "_id": "2334401",
    "reporter": {
      "id": "Z2lkOi8vaGFja2Vyb25lL1VzZXIvMTU0",
      "name": "Bartek Nowotarski",
      "username": "bart",
      "__typename": "User"
    },
    "cve_ids": [
      "CVE-2024-24549"
    ],
    "cwe": "Uncontrolled Resource Consumption",
    "severity_rating": "High",
    "upvoted": null,
    "public": true,
    "report": {
      "id": "Z2lkOi8vaGFja2Vyb25lL1JlcG9ydC8yMzM0NDAx",
      "databaseId": "2334401",
      "title": "Denial of Service caused by HTTP/2 CONTINUATION Flood",
      "substate": "resolved",
      "url": "https://hackerone.com/reports/2334401",
      "disclosed_at": "2024-04-22T19:52:39.534Z",
      "report_generated_content": {
        "id": "Z2lkOi8vaGFja2Vyb25lL1JlcG9ydEdlbmVyYXRlZENvbnRlbnQvNzMwOA==",
        "hacktivity_summary": "A denial of service vulnerability was discovered in Apache Tomcat versions 11.0.0-M1 to 11.0.0-M16, 10.1.0-M1 to 10.1.18, 9.0.0-M1 to 9.0.85, and 8.5.0 to 8.5.98. The vulnerability was caused by the way Tomcat processed HTTP/2 requests that exceeded configured limits for headers. A fix was released in versions 11.0.0-M17, 10.1.19, 9.0.86, and 8.5.99.",
        "__typename": "ReportGeneratedContent"
      },
      "__typename": "Report"
    },
    "votes": 20,
    "team": {
      "handle": "ibb",
      "name": "Internet Bug Bounty",
      "medium_profile_picture": "https://hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com/variants/v0qywgoh5hm4cbhuanu8mqdtowhr/5136ed9b2fa7c4d4abbf39fb971047c62d98ec4740a88eb55d7e26373250a937?response-content-disposition=inline%3B%20filename%3D%22ibb%20revision%205%20copy.png%22%3B%20filename%2A%3DUTF-8%27%27ibb%2520revision%25205%2520copy.png&response-content-type=image%2Fpng&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=ASIAQGK6FURQ6QFDS5WY%2F20240424%2Fus-west-2%2Fs3%2Faws4_request&X-Amz-Date=20240424T190601Z&X-Amz-Expires=3600&X-Amz-Security-Token=IQoJb3JpZ2luX2VjEEsaCXVzLXdlc3QtMiJIMEYCIQDPH2PcxxDKKEtBHZIw4IpujA2LRubY9w8a44MuVGsHngIhAOs17eCaJAyn8IKzcaBLMujdu6U8aytca5FPdryE7DHAKrsFCJT%2F%2F%2F%2F%2F%2F%2F%2F%2F%2FwEQAxoMMDEzNjE5Mjc0ODQ5IgwK2%2FqccbxGxqpq0TAqjwXF6uud0Vn%2FRJMMlITRNXmF9c7g73811jpBUNAx65iO0nRxd81ojU1wppwn44WqQL174tjzLtTXM2L4kGXkD%2BQKXIZDITv6QSSkeohXndJBl57JvvlkF%2FnQiG%2Bi4llC%2B6X6YwR3WGE4n7k2jzMlzOMKbTPwwSWwPytsb0WAhUSeaqUxN81KSdSzbNe%2BdwllaJdvMd5qXar50dF1tz222Pz12Q%2B4D37XrboLRuL07NvSZ8GphuWZuHhIiQdY29OGjNSBp6x7oqBeOlZFz86pgVcRuwf6xuPcCheHx%2FcfCaIoFMtqGObiIyVZE0H92mCxgPzCzvTCvKXsddGNpMqiMxEeNdQCoRuxMUoWCZAtf2UC0o8oQg%2FtnxXCAgScNgNoi6bpN86VVbU3v2fD1F9U4nrqmLK65UJrWq9Gsi%2BC25xvOUhB82ovH9Wfi2fdp3U1z7rqZTxbgW7ovfw6CiXc8H1LNNvb1uMG0KN%2BmfzOa3j09RLahzF4er05O1QwXjm1QpkaqCjU%2Bq8FRy%2B6jS%2BxdGgyn3Rl83VH1KuSA1R21tzpjjDA%2FN5ZoaqITlVicT6P96n9ZsDBqviImSA3Jp0F1Z4r8tO1ThHuZ5OepfkKuzi99pFru7KkR2tBtqPJD2hKk%2Bsx25%2Fkf9t4%2BqrGTFZKTxzWes2haSYwtqQgwQw1Y%2B1hRe98i9%2Fy3yxYwg91G45uVdgz48dXCt1D%2FEIACPkaq3o8hEvaclWlduop2xZK89%2FOjMR2IF%2BccGo9t%2FtdU48q7IqG9mb%2FtShJqogFSD%2B6oh7nd32H3G0%2F3TUxnXwjt0oamOQ6Z1ShiwBxQi5KvaiGsan%2FBJbrgOVhlIrXPAfXAOy98irWX62csmII7lKx3zkkMM%2BdpbEGOrAB42QyywzBn0nTErayvfMM0tPiesP0PEqs7I%2FV%2BpNl0HhPpSQ6qcXHFP5L0al4jZUY4t2q9uj8UTGy0%2FQtSqjXYB1HqiPoGwmXecFCJLJ7wGSKFwqOAxwkRnXdbXVCE%2B328E3D3sbNspsCJpUxW%2F2BqgC29mQ8bLr3L%2FZW0Iy6O9OZwG7bVPLSAneIIRuDKaZXIOWEy1JPU3GgO2WMaCyFJ9TzurDDW2Bn6DudkMDerOI%3D&X-Amz-SignedHeaders=host&X-Amz-Signature=9b47bab0c3066089f3a6005cc42bb8e456b3f2ccab9004eec412444c95274ae9",
      "url": "https://hackerone.com/ibb",
      "id": "Z2lkOi8vaGFja2Vyb25lL0VuZ2FnZW1lbnRzOjpCdWdCb3VudHlQcm9ncmFtLzU0MzQ5",
      "currency": "usd",
      "__typename": "Team"
    },
    "total_awarded_amount": 4860,
    "latest_disclosable_action": "Activities::ReportBecamePublic",
    "latest_disclosable_activity_at": "2024-04-22T19:52:41.414Z",
    "submitted_at": "2024-01-25T12:51:51.084Z",
    "disclosed": true,
    "has_collaboration": false
  },
  {
    "__typename": "CompleteHacktivityReportDocument",
    "id": "Z2lkOi8vaGFja2Vyb25lL0NvbXBsZXRlSGFja3Rpdml0eVJlcG9ydEluZGV4LzE4NDI4MDA=",
    "_id": "1842800",
    "reporter": {
      "id": "Z2lkOi8vaGFja2Vyb25lL1VzZXIvMTkzMDI1",
      "name": "",
      "username": "renzi",
      "__typename": "User"
    },
    "cve_ids": [],
    "cwe": "Cross-site Scripting (XSS) - Reflected",
    "severity_rating": "Low",
    "upvoted": null,
    "public": true,
    "report": {
      "id": "Z2lkOi8vaGFja2Vyb25lL1JlcG9ydC8xODQyODAw",
      "databaseId": "1842800",
      "title": "Adobe Experience Manager 'Childlist selector' - Cross-Site Scripting on cbconnection-stage.adobe.com ",
      "substate": "resolved",
      "url": "https://hackerone.com/reports/1842800",
      "disclosed_at": "2024-04-22T16:10:48.523Z",
      "report_generated_content": {
        "id": "Z2lkOi8vaGFja2Vyb25lL1JlcG9ydEdlbmVyYXRlZENvbnRlbnQvNzMwNw==",
        "hacktivity_summary": "We appreciate the collaboration and responsible disclosure of this researcher.",
        "__typename": "ReportGeneratedContent"
      },
      "__typename": "Report"
    },
    "votes": 15,
    "team": {
      "handle": "adobe",
      "name": "Adobe",
      "medium_profile_picture": "https://profile-photos.hackerone-user-content.com/variants/qtwRFSzn2th8Rz52AH2RfhZd/5136ed9b2fa7c4d4abbf39fb971047c62d98ec4740a88eb55d7e26373250a937",
      "url": "https://hackerone.com/adobe",
      "id": "Z2lkOi8vaGFja2Vyb25lL0VuZ2FnZW1lbnRzOjpCdWdCb3VudHlQcm9ncmFtLzM0Nw==",
      "currency": "usd",
      "__typename": "Team"
    },
    "total_awarded_amount": null,
    "latest_disclosable_action": "Activities::ReportBecamePublic",
    "latest_disclosable_activity_at": "2024-04-22T16:10:51.152Z",
    "submitted_at": "2023-01-21T22:45:16.789Z",
    "disclosed": true,
    "has_collaboration": false
  },
  {
    "__typename": "CompleteHacktivityReportDocument",
    "id": "Z2lkOi8vaGFja2Vyb25lL0NvbXBsZXRlSGFja3Rpdml0eVJlcG9ydEluZGV4LzIzMzc5Mzg=",
    "_id": "2337938",
    "reporter": {
      "id": "Z2lkOi8vaGFja2Vyb25lL1VzZXIvMTkxNTE5Mg==",
      "name": "tuannq",
      "username": "tuannq_gg",
      "__typename": "User"
    },
    "cve_ids": [],
    "cwe": "Cleartext Transmission of Sensitive Information",
    "severity_rating": "Low",
    "upvoted": null,
    "public": true,
    "report": {
      "id": "Z2lkOi8vaGFja2Vyb25lL1JlcG9ydC8yMzM3OTM4",
      "databaseId": "2337938",
      "title": "Cleartext Transmission of password via Email",
      "substate": "resolved",
      "url": "https://hackerone.com/reports/2337938",
      "disclosed_at": "2024-04-22T04:21:38.560Z",
      "report_generated_content": {
        "id": "Z2lkOi8vaGFja2Vyb25lL1JlcG9ydEdlbmVyYXRlZENvbnRlbnQvNzMwNg==",
        "hacktivity_summary": "The password was sent to the user's email in cleartext after successful signup as a fan.",
        "__typename": "ReportGeneratedContent"
      },
      "__typename": "Report"
    },
    "votes": 38,
    "team": {
      "handle": "sheer_bbp",
      "name": "Sheer",
      "medium_profile_picture": "https://profile-photos.hackerone-user-content.com/variants/wldbjh6cehivuuv3q057pqe5bddj/5136ed9b2fa7c4d4abbf39fb971047c62d98ec4740a88eb55d7e26373250a937",
      "url": "https://hackerone.com/sheer_bbp",
      "id": "Z2lkOi8vaGFja2Vyb25lL0VuZ2FnZW1lbnRzOjpCdWdCb3VudHlQcm9ncmFtLzU4Njk3",
      "currency": "usd",
      "__typename": "Team"
    },
    "total_awarded_amount": 200,
    "latest_disclosable_action": "Activities::ReportBecamePublic",
    "latest_disclosable_activity_at": "2024-04-22T04:21:38.788Z",
    "submitted_at": "2024-01-28T14:57:16.628Z",
    "disclosed": true,
    "has_collaboration": false
  },
  {
    "__typename": "CompleteHacktivityReportDocument",
    "id": "Z2lkOi8vaGFja2Vyb25lL0NvbXBsZXRlSGFja3Rpdml0eVJlcG9ydEluZGV4LzI0MTAxMTE=",
    "_id": "2410111",
    "reporter": {
      "id": "Z2lkOi8vaGFja2Vyb25lL1VzZXIvMTI4MDc4NA==",
      "name": "Adnan Khan",
      "username": "adnanthekhan",
      "__typename": "User"
    },
    "cve_ids": [],
    "cwe": "Information Disclosure",
    "severity_rating": "High",
    "upvoted": null,
    "public": true,
    "report": {
      "id": "Z2lkOi8vaGFja2Vyb25lL1JlcG9ydC8yNDEwMTEx",
      "databaseId": "2410111",
      "title": "Docker Secret Disclosure via GitHub Actions Cache Poisoning",
      "substate": "resolved",
      "url": "https://hackerone.com/reports/2410111",
      "disclosed_at": "2024-04-20T13:38:53.646Z",
      "report_generated_content": {
        "id": "Z2lkOi8vaGFja2Vyb25lL1JlcG9ydEdlbmVyYXRlZENvbnRlbnQvNzMwNQ==",
        "hacktivity_summary": "The vulnerability involved the disclosure of Docker secrets through GitHub Actions cache poisoning. The issue was reported and subsequently resolved.",
        "__typename": "ReportGeneratedContent"
      },
      "__typename": "Report"
    },
    "votes": 39,
    "team": {
      "handle": "hyperledger",
      "name": "Hyperledger",
      "medium_profile_picture": "https://profile-photos.hackerone-user-content.com/variants/6t4gcsqjok9cz34ygw17mwkp1tsr/5136ed9b2fa7c4d4abbf39fb971047c62d98ec4740a88eb55d7e26373250a937",
      "url": "https://hackerone.com/hyperledger",
      "id": "Z2lkOi8vaGFja2Vyb25lL0VuZ2FnZW1lbnRzOjpCdWdCb3VudHlQcm9ncmFtLzIyNTIy",
      "currency": "usd",
      "__typename": "Team"
    },
    "total_awarded_amount": 2000,
    "latest_disclosable_action": "Activities::ReportBecamePublic",
    "latest_disclosable_activity_at": "2024-04-20T13:38:53.801Z",
    "submitted_at": "2024-03-11T00:54:09.654Z",
    "disclosed": true,
    "has_collaboration": false
  },
  {
    "__typename": "CompleteHacktivityReportDocument",
    "id": "Z2lkOi8vaGFja2Vyb25lL0NvbXBsZXRlSGFja3Rpdml0eVJlcG9ydEluZGV4Lzk2MTE1",
    "_id": "96115",
    "reporter": {
      "id": "Z2lkOi8vaGFja2Vyb25lL1VzZXIvMjEzMTc=",
      "name": "",
      "username": "karan",
      "__typename": "User"
    },
    "cve_ids": [
      "CVE-2016-9124"
    ],
    "cwe": "Violation of Secure Design Principles",
    "severity_rating": null,
    "upvoted": null,
    "public": true,
    "report": {
      "id": "Z2lkOi8vaGFja2Vyb25lL1JlcG9ydC85NjExNQ==",
      "databaseId": "96115",
      "title": "Login page password-guessing attack",
      "substate": "resolved",
      "url": "https://hackerone.com/reports/96115",
      "disclosed_at": "2024-04-19T13:50:18.408Z",
      "report_generated_content": null,
      "__typename": "Report"
    },
    "votes": 28,
    "team": {
      "handle": "revive_adserver",
      "name": "Revive Adserver",
      "medium_profile_picture": "https://profile-photos.hackerone-user-content.com/variants/000/002/367/4f47a5b4a364515d4bbdc17550d67ea5415363cd_original.png/5136ed9b2fa7c4d4abbf39fb971047c62d98ec4740a88eb55d7e26373250a937",
      "url": "https://hackerone.com/revive_adserver",
      "id": "Z2lkOi8vaGFja2Vyb25lL0VuZ2FnZW1lbnRzOjpWdWxuZXJhYmlsaXR5RGlzY2xvc3VyZVByb2dyYW0vMjM2Nw==",
      "currency": "usd",
      "__typename": "Team"
    },
    "total_awarded_amount": null,
    "latest_disclosable_action": "Activities::ManuallyDisclosed",
    "latest_disclosable_activity_at": "2024-04-19T13:50:18.309Z",
    "submitted_at": "2015-10-27T16:47:40.969Z",
    "disclosed": true,
    "has_collaboration": false
  },
  {
    "__typename": "CompleteHacktivityReportDocument",
    "id": "Z2lkOi8vaGFja2Vyb25lL0NvbXBsZXRlSGFja3Rpdml0eVJlcG9ydEluZGV4LzE2Njk3NjQ=",
    "_id": "1669764",
    "reporter": {
      "id": "Z2lkOi8vaGFja2Vyb25lL1VzZXIvMTUwNzMzOQ==",
      "name": "Ilya",
      "username": "itriedallthenamess",
      "__typename": "User"
    },
    "cve_ids": [],
    "cwe": "Cross-site Scripting (XSS) - Stored",
    "severity_rating": "Medium",
    "upvoted": null,
    "public": true,
    "report": {
      "id": "Z2lkOi8vaGFja2Vyb25lL1JlcG9ydC8xNjY5NzY0",
      "databaseId": "1669764",
      "title": "Stored XSS in messages",
      "substate": "resolved",
      "url": "https://hackerone.com/reports/1669764",
      "disclosed_at": "2024-04-17T06:56:12.618Z",
      "report_generated_content": {
        "id": "Z2lkOi8vaGFja2Vyb25lL1JlcG9ydEdlbmVyYXRlZENvbnRlbnQvNzMwMQ==",
        "hacktivity_summary": "The security issue described involves a stored cross-site scripting (XSS) vulnerability in the message functionality of the system. The vulnerability allowed an attacker to inject malicious code into messages, which could be executed when the victim viewed the message. This resulted in the attacker being able to steal the session ID of the victim's account and log in using it.",
        "__typename": "ReportGeneratedContent"
      },
      "__typename": "Report"
    },
    "votes": 77,
    "team": {
      "handle": "sidefx",
      "name": "SideFX",
      "medium_profile_picture": "https://hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com/variants/h7pk4347ap4x2wxyq1bdx1aykzgt/5136ed9b2fa7c4d4abbf39fb971047c62d98ec4740a88eb55d7e26373250a937?response-content-disposition=inline%3B%20filename%3D%22logo.png%22%3B%20filename%2A%3DUTF-8%27%27logo.png&response-content-type=image%2Fpng&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=ASIAQGK6FURQ6QFDS5WY%2F20240424%2Fus-west-2%2Fs3%2Faws4_request&X-Amz-Date=20240424T190601Z&X-Amz-Expires=3600&X-Amz-Security-Token=IQoJb3JpZ2luX2VjEEsaCXVzLXdlc3QtMiJIMEYCIQDPH2PcxxDKKEtBHZIw4IpujA2LRubY9w8a44MuVGsHngIhAOs17eCaJAyn8IKzcaBLMujdu6U8aytca5FPdryE7DHAKrsFCJT%2F%2F%2F%2F%2F%2F%2F%2F%2F%2FwEQAxoMMDEzNjE5Mjc0ODQ5IgwK2%2FqccbxGxqpq0TAqjwXF6uud0Vn%2FRJMMlITRNXmF9c7g73811jpBUNAx65iO0nRxd81ojU1wppwn44WqQL174tjzLtTXM2L4kGXkD%2BQKXIZDITv6QSSkeohXndJBl57JvvlkF%2FnQiG%2Bi4llC%2B6X6YwR3WGE4n7k2jzMlzOMKbTPwwSWwPytsb0WAhUSeaqUxN81KSdSzbNe%2BdwllaJdvMd5qXar50dF1tz222Pz12Q%2B4D37XrboLRuL07NvSZ8GphuWZuHhIiQdY29OGjNSBp6x7oqBeOlZFz86pgVcRuwf6xuPcCheHx%2FcfCaIoFMtqGObiIyVZE0H92mCxgPzCzvTCvKXsddGNpMqiMxEeNdQCoRuxMUoWCZAtf2UC0o8oQg%2FtnxXCAgScNgNoi6bpN86VVbU3v2fD1F9U4nrqmLK65UJrWq9Gsi%2BC25xvOUhB82ovH9Wfi2fdp3U1z7rqZTxbgW7ovfw6CiXc8H1LNNvb1uMG0KN%2BmfzOa3j09RLahzF4er05O1QwXjm1QpkaqCjU%2Bq8FRy%2B6jS%2BxdGgyn3Rl83VH1KuSA1R21tzpjjDA%2FN5ZoaqITlVicT6P96n9ZsDBqviImSA3Jp0F1Z4r8tO1ThHuZ5OepfkKuzi99pFru7KkR2tBtqPJD2hKk%2Bsx25%2Fkf9t4%2BqrGTFZKTxzWes2haSYwtqQgwQw1Y%2B1hRe98i9%2Fy3yxYwg91G45uVdgz48dXCt1D%2FEIACPkaq3o8hEvaclWlduop2xZK89%2FOjMR2IF%2BccGo9t%2FtdU48q7IqG9mb%2FtShJqogFSD%2B6oh7nd32H3G0%2F3TUxnXwjt0oamOQ6Z1ShiwBxQi5KvaiGsan%2FBJbrgOVhlIrXPAfXAOy98irWX62csmII7lKx3zkkMM%2BdpbEGOrAB42QyywzBn0nTErayvfMM0tPiesP0PEqs7I%2FV%2BpNl0HhPpSQ6qcXHFP5L0al4jZUY4t2q9uj8UTGy0%2FQtSqjXYB1HqiPoGwmXecFCJLJ7wGSKFwqOAxwkRnXdbXVCE%2B328E3D3sbNspsCJpUxW%2F2BqgC29mQ8bLr3L%2FZW0Iy6O9OZwG7bVPLSAneIIRuDKaZXIOWEy1JPU3GgO2WMaCyFJ9TzurDDW2Bn6DudkMDerOI%3D&X-Amz-SignedHeaders=host&X-Amz-Signature=12373573dbd37e85c4ab1b32e35ccff225cb87d68b7cb8f7b8e96c1c4f3bbb64",
      "url": "https://hackerone.com/sidefx",
      "id": "Z2lkOi8vaGFja2Vyb25lL0VuZ2FnZW1lbnRzOjpCdWdCb3VudHlQcm9ncmFtLzU1NTUy",
      "currency": "usd",
      "__typename": "Team"
    },
    "total_awarded_amount": 500,
    "latest_disclosable_action": "Activities::ReportBecamePublic",
    "latest_disclosable_activity_at": "2024-04-17T06:56:14.176Z",
    "submitted_at": "2022-08-15T15:41:56.569Z",
    "disclosed": true,
    "has_collaboration": false
  },
  {
    "__typename": "CompleteHacktivityReportDocument",
    "id": "Z2lkOi8vaGFja2Vyb25lL0NvbXBsZXRlSGFja3Rpdml0eVJlcG9ydEluZGV4LzI0NjE3Mzc=",
    "_id": "2461737",
    "reporter": {
      "id": "Z2lkOi8vaGFja2Vyb25lL1VzZXIvMjgxNjk0Ng==",
      "name": "john cai",
      "username": "john_cai11111111",
      "__typename": "User"
    },
    "cve_ids": [],
    "cwe": "Business Logic Errors",
    "severity_rating": null,
    "upvoted": null,
    "public": true,
    "report": {
      "id": "Z2lkOi8vaGFja2Vyb25lL1JlcG9ydC8yNDYxNzM3",
      "databaseId": "2461737",
      "title": "Incorrect logic when buy one more license which may lead to extend the expire date of existing license",
      "substate": "informative",
      "url": "https://hackerone.com/reports/2461737",
      "disclosed_at": "2024-04-16T07:41:26.935Z",
      "report_generated_content": null,
      "__typename": "Report"
    },
    "votes": 42,
    "team": {
      "handle": "portswigger",
      "name": "PortSwigger Web Security",
      "medium_profile_picture": "https://profile-photos.hackerone-user-content.com/variants/000/015/252/60e8778f4f1fee57ea2b164a7d2ec1e2d2dd7bc8_original./5136ed9b2fa7c4d4abbf39fb971047c62d98ec4740a88eb55d7e26373250a937",
      "url": "https://hackerone.com/portswigger",
      "id": "Z2lkOi8vaGFja2Vyb25lL0VuZ2FnZW1lbnRzOjpCdWdCb3VudHlQcm9ncmFtLzE1MjUy",
      "currency": "usd",
      "__typename": "Team"
    },
    "total_awarded_amount": null,
    "latest_disclosable_action": "Activities::ReportBecamePublic",
    "latest_disclosable_activity_at": "2024-04-16T07:41:27.095Z",
    "submitted_at": "2024-04-13T08:08:42.751Z",
    "disclosed": true,
    "has_collaboration": false
  },
  {
    "__typename": "CompleteHacktivityReportDocument",
    "id": "Z2lkOi8vaGFja2Vyb25lL0NvbXBsZXRlSGFja3Rpdml0eVJlcG9ydEluZGV4LzIyNDY1NzY=",
    "_id": "2246576",
    "reporter": {
      "id": "Z2lkOi8vaGFja2Vyb25lL1VzZXIvMjA5OTEy",
      "name": "Sudhanshu Rajbhar",
      "username": "sudi",
      "__typename": "User"
    },
    "cve_ids": [
      "CVE-2024-1084"
    ],
    "cwe": "Cross-site Scripting (XSS) - Generic",
    "severity_rating": "Medium",
    "upvoted": null,
    "public": true,
    "report": {
      "id": "Z2lkOi8vaGFja2Vyb25lL1JlcG9ydC8yMjQ2NTc2",
      "databaseId": "2246576",
      "title": "Self XSS in  Tag name pattern field /<username>/<reponame>/settings/tag_protection/new ",
      "substate": "resolved",
      "url": "https://hackerone.com/reports/2246576",
      "disclosed_at": "2024-04-15T17:52:02.511Z",
      "report_generated_content": {
        "id": "Z2lkOi8vaGFja2Vyb25lL1JlcG9ydEdlbmVyYXRlZENvbnRlbnQvNzI5OQ==",
        "hacktivity_summary": "A self-XSS vulnerability was discovered in the tag name pattern field of the tag protections UI in GitHub Enterprise Server. The vulnerability allowed a malicious website that required user interaction and social engineering to make changes to a user account via a CSP bypass with created CSRF tokens. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.12 and was fixed in all versions of 3.11.5, 3.10.7, 3.9.10, and 3.8.15.",
        "__typename": "ReportGeneratedContent"
      },
      "__typename": "Report"
    },
    "votes": 57,
    "team": {
      "handle": "github",
      "name": "GitHub",
      "medium_profile_picture": "https://profile-photos.hackerone-user-content.com/variants/000/001/894/1de36b69ee85cb77397b0ee01ddbabd7ed47a3dd_original.jpg/f4a495c04fdb224bac8ec64587537e511aa8c4925e7955bee0a19e0ed7d891dc",
      "url": "https://hackerone.com/github",
      "id": "Z2lkOi8vaGFja2Vyb25lL0VuZ2FnZW1lbnRzOjpCdWdCb3VudHlQcm9ncmFtLzE4OTQ=",
      "currency": "usd",
      "__typename": "Team"
    },
    "total_awarded_amount": null,
    "latest_disclosable_action": "Activities::ReportBecamePublic",
    "latest_disclosable_activity_at": "2024-04-15T17:52:02.815Z",
    "submitted_at": "2023-11-09T16:47:30.748Z",
    "disclosed": true,
    "has_collaboration": true
  }
]