No rate limiting on https://biz.uber.com/confirm allowed an attacker to join arbitrary business.uber.com accounts

Disclosed: 2018-11-13 22:39:48 By cablej To uber

Medium

Vulnerability Details

No vulnerability description provided or it is restricted.

Actions

View on HackerOne

Report Stats

Report ID: 281344
State: Closed
Substate: resolved
Upvotes: 11

Share this report