Dark C0d3rs

Full Version: HackerOne Disclosed Reports - 2025-05-13
Severity: Critical   |   Status: Resolved

Netlify Authentication Token Exposed in Public Mozilla CI Logs


Bug reported by Samir Sec, disclosed on May 13, 2025, 9:35 am   |   Information Disclosure

A critical vulnerability was discovered involving the exposure of a Netlify authentication token within publicly accessible logs. The token provided full access to the "Mozilla IT Web SRE" Netlify account, bypassing all restrictions. The token's permissions encompassed roles such as Owner, Developer, Billing Admin, Reviewer, Publisher, and Content Editor, granting complete control over site management, deployments, billing, and content configurations.
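
One way a CI pipeline can catch this class of leak before logs are made public, as an added example that is not from the report or from Mozilla's tooling: a scanner that flags and redacts Netlify tokens in log text. The token shapes it looks for (a `NETLIFY_AUTH_TOKEN` assignment, the CLI `--auth` flag, the `nfp_` prefix) and the sample log are assumptions constructed for illustration, since the page does not show the leaked line.

```python
import re

# Assumed token shapes (the page does not show the leaked log line):
#  - a value assigned to NETLIFY_AUTH_TOKEN, the variable the Netlify CLI reads
#  - a value passed to the CLI's --auth flag
#  - a bare string carrying the nfp_ personal-access-token prefix
PATTERNS = [
    ("env-assignment", re.compile(r"(NETLIFY_AUTH_TOKEN\s*[=:]\s*[\"']?)([A-Za-z0-9_\-]{20,})")),
    ("cli-auth-flag", re.compile(r"(--auth[= ]\s*[\"']?)([A-Za-z0-9_\-]{20,})")),
    ("pat-prefix", re.compile(r"()\b(nfp_[A-Za-z0-9]{20,})")),
]

# Constructed sample log; every token value here is fake.
SAMPLE_LOG = """\
[task 2025-01-01T00:00:00Z] + export NETLIFY_AUTH_TOKEN=EXAMPLEexampleEXAMPLEexample0000
[task 2025-01-01T00:00:01Z] + netlify deploy --prod --auth nfp_EXAMPLEexampleEXAMPLEexample0000
[task 2025-01-01T00:00:02Z] Deploy path: ./build
[task 2025-01-01T00:00:03Z] curl -H 'Authorization: Bearer nfp_CONSTRUCTEDconstructed1234567890'
"""

def scan_log(text):
    """Return (findings, redacted_text); findings keep only a 4-char hint of each secret."""
    findings, redacted_lines = [], []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for rule, rx in PATTERNS:
            def _mask(m, rule=rule, lineno=lineno):
                findings.append({"line": lineno, "rule": rule, "hint": m.group(2)[:4] + "..."})
                return m.group(1) + "[REDACTED]"
            # Earlier rules redact first, so one secret is not reported twice.
            line = rx.sub(_mask, line)
        redacted_lines.append(line)
    return findings, "\n".join(redacted_lines)

if __name__ == "__main__":
    hits, clean = scan_log(SAMPLE_LOG)
    for h in hits:
        print(f"line {h['line']}: {h['rule']} ({h['hint']})")
    print(clean)
```

A hit means the token has already been written somewhere, so redaction of the published copy does not replace revoking and reissuing it.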