418sec / huntr

Public Roadmap | huntr.dev
https://huntr.dev
264 stars, 89 forks

Collaborator and Researcher's comments can be accessed prior to proper disclosure. #2079

Closed Saphall closed 2 years ago

Saphall commented 3 years ago

The researcher's report is hidden before the patch. However, the comments can still be accessed prior to proper disclosure via the Hacktivity page or the researcher's profile info directly. Many vulnerabilities can be known directly through the comments of the collaborator and researcher. And these vulnerabilities seem to be patched only after some time. I think there should be a fix for this as well.

POC Video

JamieSlome commented 2 years ago

@Saphall - this is no longer possible, and has been locked down via authorization on the report page.

Closing this issue, but if there are still outstanding concerns, we can look to re-open.

Thanks! 👏
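The bug reported above and the fix described in the reply are a classic authorization gap: the report page checked who may see an embargoed report, but the Hacktivity feed and researcher profile listed the same comments by author without consulting the parent report's state. The following is an added example, not huntr's own code, showing the leaky listing beside a hardened one in which every path that can surface a comment is gated by the same report-level check. The data model, user roles and all identifiers (`reports`, `comments`, `canViewReport`, the `u-*`/`rpt-*`/`c-*` ids) are assumptions made for the example; the records are constructed sample data.

```javascript
// Added example (not huntr's code): gate comment visibility on the parent
// report's disclosure state on every route, not only on the report page.
// Data model, roles and identifiers are assumptions for illustration.

// Constructed sample data: one report still under embargo, one disclosed.
const reports = new Map([
  ["rpt-1", { id: "rpt-1", reporterId: "u-researcher",
              collaboratorIds: ["u-maintainer"], disclosed: false }],
  ["rpt-2", { id: "rpt-2", reporterId: "u-researcher",
              collaboratorIds: ["u-maintainer"], disclosed: true }],
]);

// Constructed comments; c-1 and c-3 belong to the undisclosed report.
const comments = [
  { id: "c-1", reportId: "rpt-1", authorId: "u-maintainer",
    body: "Confirmed: the export endpoint skips the ownership check" },
  { id: "c-2", reportId: "rpt-2", authorId: "u-maintainer",
    body: "Fix merged, thanks" },
  { id: "c-3", reportId: "rpt-1", authorId: "u-researcher",
    body: "PoC video attached" },
];

// Single source of truth for "may this user see this report right now".
function canViewReport(user, report) {
  if (report.disclosed) return true;        // public once disclosed
  if (!user) return false;                  // anonymous never sees an embargoed report
  if (user.role === "admin") return true;
  return report.reporterId === user.id ||
         report.collaboratorIds.includes(user.id);
}

// The pattern the issue describes: a profile/Hacktivity-style listing that
// filters only by author and never consults the parent report, so an
// anonymous visitor receives comments about an undisclosed vulnerability.
function listCommentsByAuthorUnchecked(authorId) {
  return comments.filter((c) => c.authorId === authorId);
}

// Hardened listing: each comment is gated by its parent report's
// authorization, regardless of which page asked for it.
function listCommentsByAuthor(user, authorId) {
  return comments.filter((c) => {
    if (c.authorId !== authorId) return false;
    const report = reports.get(c.reportId);
    return report !== undefined && canViewReport(user, report);
  });
}

// The report page itself goes through the same gate; an unauthorized caller
// gets an empty list rather than a hint that the report exists.
function listCommentsForReport(user, reportId) {
  const report = reports.get(reportId);
  if (!report || !canViewReport(user, report)) return [];
  return comments.filter((c) => c.reportId === reportId);
}
```

The design point is that the decision lives in `canViewReport` and every listing function calls it, so adding a new feed or search route later cannot reintroduce the leak by forgetting a check; the per-route fix mentioned in the reply ("locked down via authorization on the report page") is only durable if the other routes funnel through the same predicate.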

Saphall commented 2 years ago

Yup, no longer possible. 🎉