IRC-Bot exposes information

Disclosed: 2017-04-21 20:36:32 By luke081515 To phabricator
Medium
Vulnerability Details
You can set up the IRC-Bot and set it into private channels, so that it posts only information about tasks into private channels. Example:

<Human> T698
<Bot> T698: Task title - https://url.example.org/T698

The problem is that, if the bot is online in IRC, you can send it task numbers via private messages, and it then exposes the titles of tasks without access control.
Report Stats
  • Report ID: 222870
  • State: Closed
  • Substate: resolved
  • Upvotes: 7
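
The missing check described in the report, as an added example (not Phabricator's bot code and not its actual fix): a minimal IRC handler that answers task references in a private message only when the task is publicly visible. The task table, the channel name `#private-dev`, the bot nick `phabot` and the `enforce_policy` switch are assumptions made for illustration.

```python
import re

# Constructed sample data: task id -> (title, view policy). Not from the report.
TASKS = {
    698: ("Task title", "restricted"),
    700: ("Fix typo in docs", "public"),
}
TRUSTED_CHANNELS = {"#private-dev"}  # hypothetical channels the bot was deployed for
BASE_URL = "https://url.example.org"

PRIVMSG = re.compile(r"^:(?P<nick>[^!\s]+)!\S+ PRIVMSG (?P<target>\S+) :(?P<text>.*)$")
TASK_REF = re.compile(r"\bT(\d+)\b")


def handle_line(line, enforce_policy=True):
    """Return (destination, reply) pairs for one raw IRC line."""
    m = PRIVMSG.match(line.rstrip("\r\n"))
    if not m:
        return []
    target = m.group("target")
    is_channel = target[0] in "#&"
    # A private message is addressed to the bot's nick, so the reply goes to the sender.
    dest = target if is_channel else m.group("nick")
    trusted = is_channel and target.lower() in TRUSTED_CHANNELS
    replies = []
    for num in TASK_REF.findall(m.group("text")):
        task = TASKS.get(int(num))
        if task is None:
            continue
        title, policy = task
        # The check the report found missing: outside a trusted channel,
        # only publicly visible tasks may be described.
        if enforce_policy and not trusted and policy != "public":
            continue
        replies.append((dest, f"T{int(num)}: {title} - {BASE_URL}/T{int(num)}"))
    return replies


if __name__ == "__main__":
    # Constructed IRC lines: one in the trusted channel, one private message.
    for raw in (":human!u@host PRIVMSG #private-dev :T698",
                ":human!u@host PRIVMSG phabot :T698 T700"):
        print(raw, "->", handle_line(raw))
```

Calling `handle_line(..., enforce_policy=False)` reproduces the reported behaviour, where the private message receives the restricted title.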