XSS in ZenTao integration affecting self hosted instances without strict CSP

👉 https://hackerone.com/reports/1542510

🔹 Severity: High | 💰 13,950 USD
🔹 Reported To: GitLab
🔹 Reported By: #joaxcar
🔹 State: 🟢 Resolved
🔹 Disclosed: September 22, 2022, 9:10am (UTC)

Regex account takeover

👉 https://hackerone.com/reports/1581059

🔹 Severity: Critical
🔹 Reported To: Rocket.Chat
🔹 Reported By: #ghaem51
🔹 State: 🟢 Resolved
🔹 Disclosed: September 22, 2022, 4:00pm (UTC)

Persistent CSS injection with 'marked' markdown parser in Rocket.Chat

👉 https://hackerone.com/reports/1401268

🔹 Severity: High
🔹 Reported To: Rocket.Chat
🔹 Reported By: #danieljpp
🔹 State: 🟢 Resolved
🔹 Disclosed: September 22, 2022, 4:00pm (UTC)

It is possible to elevate privileges for any authenticated user to view permissions matrix and view Direct messages without appropriate permissions.

👉 https://hackerone.com/reports/917946

🔹 Severity: Medium
🔹 Reported To: Rocket.Chat
🔹 Reported By: #garretby
🔹 State: 🟢 Resolved
🔹 Disclosed: September 22, 2022, 4:00pm (UTC)

getUserMentionsByChannel leaks messages with mention from private channel

👉 https://hackerone.com/reports/1410246

🔹 Severity: Medium
🔹 Reported To: Rocket.Chat
🔹 Reported By: #gronke
🔹 State: 🟢 Resolved
🔹 Disclosed: September 22, 2022, 4:01pm (UTC)

Bypass local authentication (PIN code)

👉 https://hackerone.com/reports/1126414

🔹 Severity: Medium
🔹 Reported To: Rocket.Chat
🔹 Reported By: #dago_669
🔹 State: 🟢 Resolved
🔹 Disclosed: September 22, 2022, 4:01pm (UTC)

Unintended information disclosure in the Hubot Log files

👉 https://hackerone.com/reports/1394399

🔹 Severity: Medium
🔹 Reported To: Rocket.Chat
🔹 Reported By: #rolfzur
🔹 State: 🟢 Resolved
🔹 Disclosed: September 22, 2022, 4:01pm (UTC)

REST API gets `query` as parameter and executes it

👉 https://hackerone.com/reports/1140631

🔹 Severity: Medium
🔹 Reported To: Rocket.Chat
🔹 Reported By: #paulocsanz
🔹 State: 🟢 Resolved
🔹 Disclosed: September 22, 2022, 4:02pm (UTC)

Message ID Enumeration with Action Link Handler

👉 https://hackerone.com/reports/1406953

🔹 Severity: Medium
🔹 Reported To: Rocket.Chat
🔹 Reported By: #gronke
🔹 State: 🟢 Resolved
🔹 Disclosed: September 22, 2022, 4:02pm (UTC)

TOTP 2 Factor Authentication Bypass

👉 https://hackerone.com/reports/1448268

🔹 Severity: Medium
🔹 Reported To: Rocket.Chat
🔹 Reported By: #gronke
🔹 State: 🟢 Resolved
🔹 Disclosed: September 22, 2022, 4:02pm (UTC)

getRoomRoles Method leaks Channel Owner

👉 https://hackerone.com/reports/1447440

🔹 Severity: Medium
🔹 Reported To: Rocket.Chat
🔹 Reported By: #gronke
🔹 State: 🟢 Resolved
🔹 Disclosed: September 22, 2022, 4:03pm (UTC)

NoSQL-Injection discloses S3 File Upload URLs

👉 https://hackerone.com/reports/1458020

🔹 Severity: Medium
🔹 Reported To: Rocket.Chat
🔹 Reported By: #gronke
🔹 State: 🟢 Resolved
🔹 Disclosed: September 22, 2022, 4:03pm (UTC)

API route chat.getThreadsList leaks private message content

👉 https://hackerone.com/reports/1446767

🔹 Severity: Medium
🔹 Reported To: Rocket.Chat
🔹 Reported By: #gronke
🔹 State: 🟢 Resolved
🔹 Disclosed: September 22, 2022, 4:03pm (UTC)

Message ID Enumeration with Regular Expression in getReadReceipts Meteor method

👉 https://hackerone.com/reports/1377105

🔹 Severity: Medium
🔹 Reported To: Rocket.Chat
🔹 Reported By: #gronke
🔹 State: 🟢 Resolved
🔹 Disclosed: September 22, 2022, 4:03pm (UTC)

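Added illustration of the NoSQL selector-injection class that three of the Rocket.Chat entries above name: "REST API gets `query` as parameter and executes it", "NoSQL-Injection discloses S3 File Upload URLs" and "Message ID Enumeration with Regular Expression in getReadReceipts Meteor method". This is example code written for this listing, not code from the page, from the reports, or from the Rocket.Chat code base; the in-memory collection, the `getReadReceipts*` function names and the message IDs are constructed for the demo, and the linked reports describe what was actually found. The point it shows: when a server method accepts a client-supplied value and drops it into a MongoDB-style selector without checking its type, the client can send `{ $regex: "^A" }` instead of a string and turn an exact-match lookup into a prefix oracle, which is enough to enumerate every ID one character at a time.

```javascript
// Constructed fixture: a tiny stand-in for a MongoDB collection that understands
// just enough selector syntax ({field: "exact"} and {field: {$regex: "..."}})
// to show why a client-controlled selector object is dangerous.
const MESSAGES = [
  { _id: 'Ab12Xy', rid: 'room-private-1', msg: 'secret planning notes' },
  { _id: 'Qz98Kl', rid: 'room-private-2', msg: 'payroll export link' },
  { _id: 'Mm77Tt', rid: 'room-public',    msg: 'hello world' },
];

// Minimal selector matcher: exact equality, or a $regex operator object.
function matches(doc, selector) {
  return Object.entries(selector).every(([field, cond]) => {
    const value = doc[field];
    if (cond !== null && typeof cond === 'object' && '$regex' in cond) {
      return new RegExp(cond.$regex).test(String(value));
    }
    return value === cond;
  });
}

function find(selector) {
  return MESSAGES.filter((d) => matches(d, selector));
}

// VULNERABLE pattern (hypothetical method, not Rocket.Chat's): the server
// assumes `messageId` is a string. Over DDP or REST a client can send an object
// instead, and the operator travels straight into the query selector.
function getReadReceiptsVulnerable(messageId) {
  return find({ _id: messageId }).map((m) => m._id);
}

// Attacker side: each probe answers one yes/no question ("does any ID start
// with this prefix?"), which is all that is needed to walk the ID space.
const ALPHABET =
  'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789';

function enumerateIds(query, knownPrefix = '', idLength = 6) {
  if (knownPrefix.length === idLength) return [knownPrefix];
  const found = [];
  for (const ch of ALPHABET) {
    const prefix = knownPrefix + ch;
    // Alphabet is alphanumeric only, so no regex metacharacters need escaping.
    if (query({ $regex: '^' + prefix }).length > 0) {
      found.push(...enumerateIds(query, prefix, idLength));
    }
  }
  return found;
}

// FIXED pattern: reject anything that is not a plain string before it reaches
// the query. In a Meteor method, check(messageId, String) does the same job;
// plain JavaScript is used here so the block runs stand-alone.
function getReadReceiptsFixed(messageId) {
  if (typeof messageId !== 'string') {
    throw new TypeError('messageId must be a string');
  }
  return find({ _id: messageId }).map((m) => m._id);
}

// Runs the enumeration against the vulnerable method and confirms the fixed
// method refuses the operator object.
function demo() {
  const leaked = enumerateIds(getReadReceiptsVulnerable);
  let fixedRejected = false;
  try {
    getReadReceiptsFixed({ $regex: '^A' });
  } catch (e) {
    fixedRejected = e instanceof TypeError;
  }
  return { leaked, fixedRejected };
}

console.log(demo());
```

The same shape applies to the other two entries: a REST route that takes a whole `query` object from the caller, or an upload-lookup that builds its selector from unvalidated input, hands the client the full operator vocabulary (`$regex`, `$ne`, `$where`, ...) instead of a single value. The durable fix is to validate the type and shape of every field that ends up in a selector, never to blocklist individual operators.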
Rocket.chat user info security issue

👉 https://hackerone.com/reports/1517377

🔹 Severity: Medium
🔹 Reported To: Rocket.Chat
🔹 Reported By: #mikolajczak
🔹 State: 🟢 Resolved
🔹 Disclosed: September 22, 2022, 4:04pm (UTC)

getUsersOfRoom discloses users in private channels

👉 https://hackerone.com/reports/1410357

🔹 Severity: Medium
🔹 Reported To: Rocket.Chat
🔹 Reported By: #gronke
🔹 State: 🟢 Resolved
🔹 Disclosed: September 22, 2022, 4:04pm (UTC)

Unauthenticated IP allowlist bypass when accessing job artifacts through gitlab pages at `{group_id}.gitlab.io`

👉 https://hackerone.com/reports/1591412

🔹 Severity: Medium | 💰 1,990 USD
🔹 Reported To: GitLab
🔹 Reported By: #joaxcar
🔹 State: 🟢 Resolved
🔹 Disclosed: September 22, 2022, 9:31pm (UTC)

Content injection in Jira issue title enabling sending arbitrary POST request as victim

👉 https://hackerone.com/reports/1533976

🔹 Severity: High | 💰 8,690 USD
🔹 Reported To: GitLab
🔹 Reported By: #joaxcar
🔹 State: 🟢 Resolved
🔹 Disclosed: September 22, 2022, 9:32pm (UTC)

Open Redirect on www.redditinc.com via `failed` query param

👉 https://hackerone.com/reports/1257753

🔹 Severity: Medium | 💰 500 USD
🔹 Reported To: Reddit
🔹 Reported By: #lu3ky-13
🔹 State: 🟢 Resolved
🔹 Disclosed: September 22, 2022, 11:27pm (UTC)

com.basecamp.bc3 Webview Javascript Injection and JS bridge takeover

👉 https://hackerone.com/reports/1343300

🔹 Severity: High | 💰 1,210 USD
🔹 Reported To: Basecamp
🔹 Reported By: #fr4via
🔹 State: 🟢 Resolved
🔹 Disclosed: September 23, 2022, 9:33am (UTC)