目標達成 すべての支援者に感謝 — 100%達成しました!

目標: 1000 CNY · 調達済み: 1000 CNY

100.0%
コーヒーを一杯おごる

漏洞赏金情报

数据来源:HackerOne 公开披露报告 · 每 6 小时更新

浏览 HackerOne 平台公开披露的漏洞赏金报告,按严重程度、漏洞类型或目标项目筛选,关联 CVE 编号。

已披露报告
12,219
关联 CVE
1,854
参与项目数
342
近 7 天新增
14
严重度: All CriticalHighMediumLow
类型: 全部 Information Disclosure 1173 Cross-site Scripting (XSS) … 747 Violation of Secure Design … 719 Improper Access Control - Generic 656 Improper Authentication - Generic 652 Cross-site Scripting (XSS) … 513 Uncontrolled Resource Consumption 483 Cross-site Scripting (XSS) … 461 Cross-Site Request Forgery (CSRF) 421 Privilege Escalation 375
项目筛选:gitlab
RepositoryPipeline allows importing of local git repos
GitLab Improper Access Control - Generic (CWE-284)
Medium
2022-11-04
Unauthenticated IP allowlist bypass when accessing job artifacts through gitlab pages at `{group_id}.gitlab.io`
GitLab Improper Access Control - Generic (CWE-284)
Medium
2022-09-22
Unauthorized access
GitLab Improper Access Control - Generic (CWE-284)CVE-2022-2185
Medium
2022-08-25
Found Origin IP's lead to access to gitlab
GitLab Improper Access Control - Generic (CWE-284)
Medium
2022-08-02
"External status checks" can be accepted by users below developer access if the user is either author or assignee of the target merge request
GitLab Improper Access Control - Generic (CWE-284)
Medium
2022-06-08
Improper access control for users with expired password, giving the user full access through API and Git
GitLab Improper Access Control - Generic (CWE-284)
Medium
2022-01-27
A deactivated user can access data through GraphQL
GitLab Improper Access Control - Generic (CWE-284)
Medium
2021-08-30
Revoked User can still view the Merge Request created by him via API
GitLab Improper Access Control - Generic (CWE-284)
Medium
2021-03-15
Elasticsearch leaks data through the notes scope
GitLab Improper Access Control - Generic (CWE-284)
Medium
2020-10-06
Transferring a public group to a private group doesn't remove code from the Elastichsearch API search result
GitLab Improper Access Control - Generic (CWE-284)
Medium
2020-10-06
Initial mirror user can be assigned by other user even if the mirror was removed
GitLab Improper Access Control - Generic (CWE-284)
Medium
2020-08-26
Blocked user Git access through CI/CD token
GitLab Improper Access Control - Generic (CWE-284)CVE-2019-15589
Medium
2019-12-13
Container scanning and Dependency scanning report leaked to unauthorized users
GitLab Improper Access Control - Generic (CWE-284)CVE-2019-15591CVE-2017-18269CVE-2017-16997CVE-2018-1000001CVE-2016-10228CVE-2018-18520CVE-2010-4052CVE-2018-16869CVE-2018-18311CVE-2014-3488CVE-2017-12794CVE-2018-1000201
Medium
2019-12-13
GraphQL query "namespace" leaks data
GitLab Improper Access Control - Generic (CWE-284)
Medium
2019-12-03
Bypassing push rules via MRs created by Email
GitLab Improper Access Control - Generic (CWE-284)
Medium
2019-10-01
Removing a user from a private group doesn't remove him from group's project, if his project's role was changed
GitLab Improper Access Control - Generic (CWE-284)
Medium
2019-04-05
高频漏洞类型
最活跃项目
项目报告数最高赏金
U.S. Dept Of Defense896
Internet Bug Bounty817
HackerOne609
Nextcloud582
Shopify464
curl439
Node.js third-party modules307
GitLab258
X / xAI250 $2,500
Uber239 $9,895