HackerOne Disclosed Reports - 2025-02-20


Severity: Low   |   Status: resolved

Possible to enumerate valid files in password protected shares/files drop shares as well as spam folder with files


Bug reported by Lukas Reschke was disclosed on February 21, 2025, 10:39 am   |   Information Disclosure

The summary is as follows:

It was possible to enumerate valid files in password protected shares and file drop shares. Additionally, it was possible to spam the folder with empty files using an attacker-controlled file name. The vulnerability existed in the `DocumentAPIController#create` method, which did not validate whether the share was writable, upload-only, or password protected.


Severity: Low   |   Status: resolved

IDOR on ads.tiktok.com Allows Unauthorized Product Addition


Bug reported by seyedh2o was disclosed on February 20, 2025, 10:16 pm   |   Insecure Direct Object Reference (IDOR)

An Insecure Direct Object Reference (IDOR) vulnerability was discovered on the TikTok Ads API that allowed the addition of arbitrary products to a user's catalog without proper authorization.


Severity: Medium   |   Status: resolved

Uncontrolled Resource Consumption when parsing maliciously crafted XML with REXML


Bug reported by L33thaxor was disclosed on February 20, 2025, 3:21 pm   |   Uncontrolled Resource Consumption

The REXML library in Ruby was found to be vulnerable to an issue where parsing a maliciously crafted XML file could lead to uncontrolled resource consumption, resulting in a denial of service. The vulnerability was caused by a flaw in the namespace handling functionality of the REXML library.


Severity: Medium   |   Status: resolved

Unauthenticated phpinfo() files could lead to file read ability at h2f54.n1.ips.mtn.co.ug [/dashboard/]


Bug reported by ꦄꦤ꧀ꦢꦿꦶ was disclosed on February 20, 2025, 1:32 pm   |   Violation of Secure Design Principles

The phpinfo() files at h2f54.n1.ips.mtn.co.ug were left unauthenticated, potentially allowing remote attackers to obtain sensitive information about the web server configuration.

