Information Disclosure which violates program privacy
Low
Vulnerability Details
**Summary:**
Please refer to the following report:
https://hackerone.com/reports/311289
It was noticed that TTS changed the summary and set the domain to example.gov so as not to reveal it to the public. But the bottom of the page shows: "britta changed the scope from https://ci.fr.cloud.gov to None."
**Recommendation:**
Should only provide a general message for such a situation: "britta changed the scope"
## Impact
Not much of an impact, but it violates the confidentiality of the program.
Report Stats
- Report ID: 313075
- State: Closed
- Substate: informative
- Upvotes: 5