information discloser about user and program

Writer M0X0101 Program 버그캠프 (Bugcamp)

WEB Not applicable Medium No Reward Created: Sep 4, 2022 (a month ago) Last Updated: Sep 5, 2022 (a month ago)

Weakness

information discloser

Description

개요

[취약점 제보에 대한 개요를 작성해 주세요]

재현 과정

[취약점 재현을 하기 위한 과정을 서술해 주세요]

  1. go to: https://bugcamp.io/api/tickets/43d9f05b12827488a923645deac00da9
  2. you will see companyUuid, program id, and user UUID

예상되는 취약점 발생 원인

information disclosure

패치 방법

don’t display the personal program, user details

예상 결과 및 파급력

information disclosure

기타사항 및 레퍼런스

https://hackerone.com/reports/1070081
https://hackerone.com/reports/188719
https://hackerone.com/reports/143064

Attachment

Timeline

M0X0101 submitted ticket. September 4, 2022 (a month ago)
Jerry MANAGER changed the status from 'Submitted' to 'Not applicable'. September 5, 2022 (a month ago)
Jerry MANAGER posted a comment. September 5, 2022 (a month ago)

Hi M0X0101
These are not sensitive information.

We will stay on attributes as public.
Thank you.

Jerry MANAGER changed the disclosure from 'Closed' to 'Disclosed (Full)'. September 5, 2022 (a month ago)