HackerOne reports escalation to JIRA is CSRF vulnerable

Disclosed: 2017-08-30 09:33:31 By whhackersbr To security
Medium
Vulnerability Details
**Summary:** HackerOne reports escalation to JIRA is CSRF vulnerable

**Description (Include Impact):** An attacker can steal private reports details through a CSRF in HackerOne report escalation to JIRA implementation.

### CSRF

GET https://hackerone.com/reports/[REPORT_NUMBER]/escalate

### Optional: Supporting Material/References (Screenshots)

* https://youtu.be/N6JSGA_RIV4
Report Stats
  • Report ID: 226418
  • State: Closed
  • Substate: resolved
  • Upvotes: 34
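
For defenders reviewing exposure to a GET-triggered action like the one reported above, the following is an added example (not part of the original report and not HackerOne's code) that scans web access logs for GET requests to the `/reports/[REPORT_NUMBER]/escalate` path arriving without a first-party Referer. It assumes Apache/nginx "combined" log format and that `hackerone.com` is the only trusted origin; the log lines are constructed samples.

```python
import re
from urllib.parse import urlsplit

# Assumption: the front end writes Apache/nginx "combined" access logs.
LINE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)" "(?P<ua>[^"]*)"')
# Endpoint shape taken from the report: /reports/[REPORT_NUMBER]/escalate
ESCALATE = re.compile(r'^/reports/(\d+)/escalate/?$')
TRUSTED_HOSTS = {"hackerone.com"}  # assumption: the only first-party origin

def classify(line):
    """Return (report_id, reason) for a suspicious escalate GET, else None."""
    m = LINE.match(line)
    if not m or m["method"] != "GET":
        return None
    hit = ESCALATE.match(urlsplit(m["target"]).path)
    if not hit:
        return None
    report_id, referer = hit.group(1), m["referer"]
    if referer in ("", "-"):  # lower confidence: referrer policies strip it too
        return report_id, "no-referer"
    ref = urlsplit(referer)
    # Exact host match: a substring test would accept look-alike hostnames.
    if ref.scheme != "https" or ref.hostname not in TRUSTED_HOSTS:
        return report_id, "cross-site-referer"
    return None

def scan(lines):
    """Classify every line and keep only the flagged requests."""
    return [hit for hit in map(classify, lines) if hit]

# Constructed sample lines (not real traffic; documentation IP ranges and domains).
SAMPLE = [
    '198.51.100.7 - - [30/Aug/2017:09:00:01 +0000] "GET /reports/1001/escalate HTTP/1.1" 302 0 "https://hackerone.com/reports/1001" "Mozilla/5.0"',
    '198.51.100.7 - - [30/Aug/2017:09:00:05 +0000] "GET /reports/1002/escalate HTTP/1.1" 302 0 "https://blog.example/post" "Mozilla/5.0"',
    '203.0.113.9 - - [30/Aug/2017:09:01:10 +0000] "GET /reports/1003/escalate HTTP/1.1" 302 0 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [30/Aug/2017:09:01:30 +0000] "POST /reports/1004/escalate HTTP/1.1" 200 12 "https://hackerone.com/reports/1004" "Mozilla/5.0"',
    '203.0.113.9 - - [30/Aug/2017:09:02:00 +0000] "GET /reports/1005/escalate?x=1 HTTP/1.1" 302 0 "https://hackerone.com.lookalike.example/" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for report_id, reason in scan(SAMPLE):
        print(f"report {report_id}: {reason}")
```

A Referer check in logs is a triage signal only; it does not replace requiring a non-GET method and an anti-CSRF token on the action itself.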