Notifications sent due to "Transfer report" functionality may be sent to users who are no longer authorized to see the report
Low
Vulnerability Details
Hi HackerOne team,
I am still able to access other program details etc. when I'm authenticated to HackerOne through SAML.
I'm not sure if it's the same bug I reported earlier or there is some weak authorization check in place. PFA for more info I can access related to ██████████ etc. See the date, it's 16th November.
Quick Note:
Last time when I reported the issue the H1 team decided not to reward it. https://hackerone.com/reports/438306
However this time it's happening again. I can stop reaching out to H1 if they don't reward the ethical researchers who are willing to help make their platform more secure.
Please consider this as a valid finding and reward it this time.
## Impact
This could be a serious issue for HackerOne since the program owners will lose trust in the service and might stop using this platform.
Report Stats
- Report ID: 442843
- State: Closed
- Substate: resolved
- Upvotes: 21