DOS: out of memory from gif through upload api
π https://hackerone.com/reports/1620170
πΉ Severity: Low | π° 150 USD
πΉ Reported To: Mattermost
πΉ Reported By: #catenacyber
πΉ State: π’ Resolved
πΉ Disclosed: September 21, 2022, 8:49am (UTC)
π https://hackerone.com/reports/1620170
πΉ Severity: Low | π° 150 USD
πΉ Reported To: Mattermost
πΉ Reported By: #catenacyber
πΉ State: π’ Resolved
πΉ Disclosed: September 21, 2022, 8:49am (UTC)
size_t-to-int vulnerability in exFAT leads to memory corruption via malformed USB flash drives
π https://hackerone.com/reports/1340942
πΉ Severity: High | π° 10,000 USD
πΉ Reported To: PlayStation
πΉ Reported By: #theflow0
πΉ State: π’ Resolved
πΉ Disclosed: September 21, 2022, 7:06pm (UTC)
π https://hackerone.com/reports/1340942
πΉ Severity: High | π° 10,000 USD
πΉ Reported To: PlayStation
πΉ Reported By: #theflow0
πΉ State: π’ Resolved
πΉ Disclosed: September 21, 2022, 7:06pm (UTC)
π₯3
Create product discounts of any shop
π https://hackerone.com/reports/1571578
πΉ Severity: Medium | π° 4,500 USD
πΉ Reported To: TikTok
πΉ Reported By: #datph4m
πΉ State: π’ Resolved
πΉ Disclosed: September 21, 2022, 10:39pm (UTC)
π https://hackerone.com/reports/1571578
πΉ Severity: Medium | π° 4,500 USD
πΉ Reported To: TikTok
πΉ Reported By: #datph4m
πΉ State: π’ Resolved
πΉ Disclosed: September 21, 2022, 10:39pm (UTC)
Add products to any livestream.
π https://hackerone.com/reports/1654657
πΉ Severity: Medium | π° 3,000 USD
πΉ Reported To: TikTok
πΉ Reported By: #datph4m
πΉ State: π’ Resolved
πΉ Disclosed: September 21, 2022, 10:41pm (UTC)
π https://hackerone.com/reports/1654657
πΉ Severity: Medium | π° 3,000 USD
πΉ Reported To: TikTok
πΉ Reported By: #datph4m
πΉ State: π’ Resolved
πΉ Disclosed: September 21, 2022, 10:41pm (UTC)
DLL Search-Order Hijacking Vulnerability in work-64-exe-v7.16.3-1.exe
π https://hackerone.com/reports/1519437
πΉ Severity: Low
πΉ Reported To: 8x8
πΉ Reported By: #is-
πΉ State: π’ Resolved
πΉ Disclosed: September 22, 2022, 3:19am (UTC)
π https://hackerone.com/reports/1519437
πΉ Severity: Low
πΉ Reported To: 8x8
πΉ Reported By: #is-
πΉ State: π’ Resolved
πΉ Disclosed: September 22, 2022, 3:19am (UTC)
XSS in ZenTao integration affecting self hosted instances without strict CSP
π https://hackerone.com/reports/1542510
πΉ Severity: High | π° 13,950 USD
πΉ Reported To: GitLab
πΉ Reported By: #joaxcar
πΉ State: π’ Resolved
πΉ Disclosed: September 22, 2022, 9:10am (UTC)
π https://hackerone.com/reports/1542510
πΉ Severity: High | π° 13,950 USD
πΉ Reported To: GitLab
πΉ Reported By: #joaxcar
πΉ State: π’ Resolved
πΉ Disclosed: September 22, 2022, 9:10am (UTC)
π₯3
Regex account takeover
π https://hackerone.com/reports/1581059
πΉ Severity: Critical
πΉ Reported To: Rocket.Chat
πΉ Reported By: #ghaem51
πΉ State: π’ Resolved
πΉ Disclosed: September 22, 2022, 4:00pm (UTC)
π https://hackerone.com/reports/1581059
πΉ Severity: Critical
πΉ Reported To: Rocket.Chat
πΉ Reported By: #ghaem51
πΉ State: π’ Resolved
πΉ Disclosed: September 22, 2022, 4:00pm (UTC)
Persistent CSS injection with βmarkedβ markdown parser in Rocket.Chat
π https://hackerone.com/reports/1401268
πΉ Severity: High
πΉ Reported To: Rocket.Chat
πΉ Reported By: #danieljpp
πΉ State: π’ Resolved
πΉ Disclosed: September 22, 2022, 4:00pm (UTC)
π https://hackerone.com/reports/1401268
πΉ Severity: High
πΉ Reported To: Rocket.Chat
πΉ Reported By: #danieljpp
πΉ State: π’ Resolved
πΉ Disclosed: September 22, 2022, 4:00pm (UTC)
It is possible to elevate privileges for any authenticated user to view permissions matrix and view Direct messages without appropriate permissions.
π https://hackerone.com/reports/917946
πΉ Severity: Medium
πΉ Reported To: Rocket.Chat
πΉ Reported By: #garretby
πΉ State: π’ Resolved
πΉ Disclosed: September 22, 2022, 4:00pm (UTC)
π https://hackerone.com/reports/917946
πΉ Severity: Medium
πΉ Reported To: Rocket.Chat
πΉ Reported By: #garretby
πΉ State: π’ Resolved
πΉ Disclosed: September 22, 2022, 4:00pm (UTC)
getUserMentionsByChannel leaks messages with mention from private channel
π https://hackerone.com/reports/1410246
πΉ Severity: Medium
πΉ Reported To: Rocket.Chat
πΉ Reported By: #gronke
πΉ State: π’ Resolved
πΉ Disclosed: September 22, 2022, 4:01pm (UTC)
π https://hackerone.com/reports/1410246
πΉ Severity: Medium
πΉ Reported To: Rocket.Chat
πΉ Reported By: #gronke
πΉ State: π’ Resolved
πΉ Disclosed: September 22, 2022, 4:01pm (UTC)
Bypass local authentication (PIN code)
π https://hackerone.com/reports/1126414
πΉ Severity: Medium
πΉ Reported To: Rocket.Chat
πΉ Reported By: #dago_669
πΉ State: π’ Resolved
πΉ Disclosed: September 22, 2022, 4:01pm (UTC)
π https://hackerone.com/reports/1126414
πΉ Severity: Medium
πΉ Reported To: Rocket.Chat
πΉ Reported By: #dago_669
πΉ State: π’ Resolved
πΉ Disclosed: September 22, 2022, 4:01pm (UTC)
Unintended information disclosure in the Hubot Log files
π https://hackerone.com/reports/1394399
πΉ Severity: Medium
πΉ Reported To: Rocket.Chat
πΉ Reported By: #rolfzur
πΉ State: π’ Resolved
πΉ Disclosed: September 22, 2022, 4:01pm (UTC)
π https://hackerone.com/reports/1394399
πΉ Severity: Medium
πΉ Reported To: Rocket.Chat
πΉ Reported By: #rolfzur
πΉ State: π’ Resolved
πΉ Disclosed: September 22, 2022, 4:01pm (UTC)
REST API gets `query` as parameter and executes it
π https://hackerone.com/reports/1140631
πΉ Severity: Medium
πΉ Reported To: Rocket.Chat
πΉ Reported By: #paulocsanz
πΉ State: π’ Resolved
πΉ Disclosed: September 22, 2022, 4:02pm (UTC)
π https://hackerone.com/reports/1140631
πΉ Severity: Medium
πΉ Reported To: Rocket.Chat
πΉ Reported By: #paulocsanz
πΉ State: π’ Resolved
πΉ Disclosed: September 22, 2022, 4:02pm (UTC)
Message ID Enumeration with Action Link Handler
π https://hackerone.com/reports/1406953
πΉ Severity: Medium
πΉ Reported To: Rocket.Chat
πΉ Reported By: #gronke
πΉ State: π’ Resolved
πΉ Disclosed: September 22, 2022, 4:02pm (UTC)
π https://hackerone.com/reports/1406953
πΉ Severity: Medium
πΉ Reported To: Rocket.Chat
πΉ Reported By: #gronke
πΉ State: π’ Resolved
πΉ Disclosed: September 22, 2022, 4:02pm (UTC)
TOTP 2 Factor Authentication Bypass
π https://hackerone.com/reports/1448268
πΉ Severity: Medium
πΉ Reported To: Rocket.Chat
πΉ Reported By: #gronke
πΉ State: π’ Resolved
πΉ Disclosed: September 22, 2022, 4:02pm (UTC)
π https://hackerone.com/reports/1448268
πΉ Severity: Medium
πΉ Reported To: Rocket.Chat
πΉ Reported By: #gronke
πΉ State: π’ Resolved
πΉ Disclosed: September 22, 2022, 4:02pm (UTC)
getRoomRoles Method leaks Channel Owner
π https://hackerone.com/reports/1447440
πΉ Severity: Medium
πΉ Reported To: Rocket.Chat
πΉ Reported By: #gronke
πΉ State: π’ Resolved
πΉ Disclosed: September 22, 2022, 4:03pm (UTC)
π https://hackerone.com/reports/1447440
πΉ Severity: Medium
πΉ Reported To: Rocket.Chat
πΉ Reported By: #gronke
πΉ State: π’ Resolved
πΉ Disclosed: September 22, 2022, 4:03pm (UTC)
NoSQL-Injection discloses S3 File Upload URLs
π https://hackerone.com/reports/1458020
πΉ Severity: Medium
πΉ Reported To: Rocket.Chat
πΉ Reported By: #gronke
πΉ State: π’ Resolved
πΉ Disclosed: September 22, 2022, 4:03pm (UTC)
π https://hackerone.com/reports/1458020
πΉ Severity: Medium
πΉ Reported To: Rocket.Chat
πΉ Reported By: #gronke
πΉ State: π’ Resolved
πΉ Disclosed: September 22, 2022, 4:03pm (UTC)
API route chat.getThreadsList leaks private message content
π https://hackerone.com/reports/1446767
πΉ Severity: Medium
πΉ Reported To: Rocket.Chat
πΉ Reported By: #gronke
πΉ State: π’ Resolved
πΉ Disclosed: September 22, 2022, 4:03pm (UTC)
π https://hackerone.com/reports/1446767
πΉ Severity: Medium
πΉ Reported To: Rocket.Chat
πΉ Reported By: #gronke
πΉ State: π’ Resolved
πΉ Disclosed: September 22, 2022, 4:03pm (UTC)
Message ID Enumeration with Regular Expression in getReadReceipts Meteor method
π https://hackerone.com/reports/1377105
πΉ Severity: Medium
πΉ Reported To: Rocket.Chat
πΉ Reported By: #gronke
πΉ State: π’ Resolved
πΉ Disclosed: September 22, 2022, 4:03pm (UTC)
π https://hackerone.com/reports/1377105
πΉ Severity: Medium
πΉ Reported To: Rocket.Chat
πΉ Reported By: #gronke
πΉ State: π’ Resolved
πΉ Disclosed: September 22, 2022, 4:03pm (UTC)
Rocket.chat user info security issue
π https://hackerone.com/reports/1517377
πΉ Severity: Medium
πΉ Reported To: Rocket.Chat
πΉ Reported By: #mikolajczak
πΉ State: π’ Resolved
πΉ Disclosed: September 22, 2022, 4:04pm (UTC)
π https://hackerone.com/reports/1517377
πΉ Severity: Medium
πΉ Reported To: Rocket.Chat
πΉ Reported By: #mikolajczak
πΉ State: π’ Resolved
πΉ Disclosed: September 22, 2022, 4:04pm (UTC)
getUsersOfRoom discloses users in private channels
π https://hackerone.com/reports/1410357
πΉ Severity: Medium
πΉ Reported To: Rocket.Chat
πΉ Reported By: #gronke
πΉ State: π’ Resolved
πΉ Disclosed: September 22, 2022, 4:04pm (UTC)
π https://hackerone.com/reports/1410357
πΉ Severity: Medium
πΉ Reported To: Rocket.Chat
πΉ Reported By: #gronke
πΉ State: π’ Resolved
πΉ Disclosed: September 22, 2022, 4:04pm (UTC)