HackerOne Disclosed Reports - 2025-10-08

hashXploiter · hashXploiter 10-09-2025, 12:30 PM Administrator

High
resolved

Pending invites remain valid even after the inviter is removed.

Bug reported by Mantosh Sah was disclosed at October 8, 2025, 3:51 am | Privilege Escalation

The pending invites created by a removed admin remained valid, and members already added by the removed admin remained in the team with admin privileges, even after the inviter was removed.

HackerOne Disclosed Reports - 2025-10-08

hashXploiter

Pending invites remain valid even after the inviter is removed.