HackerOne Disclosed Reports - 2025-05-31

Low
resolved

Public GitHub repositories for multiple HackerOne managed triage team profiles contain private HackerOne reports information

Bug reported by Max was disclosed at May 31, 2025, 10:11 am   |   Information Disclosure

Publicly available GitHub repositories for HackerOne-managed triage team profiles were found to contain private HackerOne vulnerability reports. Several repositories were identified that reproduced exploits for private bug bounty programs. The disclosed information included details such as access tokens, server URLs, and secret leaks for various organizations' tools and services.