+- Dark C0d3rs (https://darkcoders.wiki)
+-- Forum: Exploit Log (https://darkcoders.wiki/Forum-Exploit-Log)
+--- Forum: Research Papers/Vulnerability reports (https://darkcoders.wiki/Forum-Research-Papers-Vulnerability-reports)
+--- Thread: HackerOne Disclosed Reports - 2026-01-02 (/Thread-HackerOne-Disclosed-Reports-2026-01-02)
HackerOne disclosed reports - 2026-01-02 - hashXploiter - 01-03-2026
Low
resolved
resolved
The role "CI-driven scan initiator" provides excessive read access
Bug reported by Osama Hamad was disclosed at January 2, 2026, 9:32 am | Privilege Escalation
The reporter noticed that all authenticated users were able to access certain non-sensitive information such as metadata about third-party integrations. This was found to be by design, and the documentation was updated to clarify the information available to all authenticated users.