Dark C0d3rs

Dark C0d3rs > Exploit Log > Research Papers/Vulnerability reports > HackerOne Disclosed Reports - 2025-05-08
Full Version: HackerOne Disclosed Reports - 2025-05-08
You're currently viewing a stripped down version of our content. View the full version with proper formatting.

hashXploiter

05-09-2025, 06:00 PM
Logo
Medium
resolved

Ability to access policy and updates for unauthorized program


Bug reported by was disclosed at May 8, 2025, 4:11 pm   |   Improper Access Control - Generic

The vulnerability allowed an unauthorized user to access the policy and updates for a restricted program using an API key. The user was able to retrieve sensitive data from the unauthorized program, even though they were only granted access to one of the two programs in the organization.


Dark C0d3rs > Exploit Log > Research Papers/Vulnerability reports > HackerOne Disclosed Reports - 2025-05-08