Improper Access Control on OneLogin in multi-layered architecture
State Resolved (Closed)
Disclosed publicly 2018-08-08T20:59:27.001Z
Reported To
Weakness Improper Access Control - Generic
Bounty $500

Summary by orange

Path traversal in the web server powering uberinternal.com allowed an attacker to view content hosted on these subdomains, bypassing OneLogin authentication.

Timeline
submitted a report to Uber.
2018-03-15T05:52:21.509Z

Regards,
Frans

lindsey-uber Activities::Comment
2018-03-15T15:18:22.295Z


lindsey-uber Activities::BugTriaged
2018-03-15T23:10:39.999Z


orange Activities::Comment
2018-03-16T03:33:54.445Z


lindsey-uber Activities::BugResolved
2018-03-28T19:04:06.754Z


orange Activities::Comment
2018-03-28T19:10:15.302Z


lindsey-uber Activities::BugReopened
2018-03-28T19:21:03.988Z


orange Activities::Comment
2018-04-29T16:44:32.557Z


orange Activities::Comment
2018-05-11T06:22:53.000Z


fletcher Activities::Comment
2018-05-11T16:34:21.247Z


orange Activities::Comment
2018-06-27T20:08:46.414Z


lindsey-uber Activities::BugResolved
2018-06-27T20:47:01.868Z


orange Activities::Comment
2018-06-27T20:53:09.743Z


orange Activities::Comment
2018-07-10T19:29:37.373Z


lindsey-uber Activities::Comment
2018-07-10T22:39:29.625Z


Activities::BountyAwarded
2018-07-11T22:22:04.330Z


lindsey-uber Activities::AgreedOnGoingPublic
2018-07-11T22:22:40.135Z


lindsey-uber Activities::Comment
2018-07-23T20:25:03.474Z


orange Activities::Comment
2018-07-24T10:18:41.567Z


lindsey-uber Activities::Comment
2018-07-24T14:09:29.244Z


orange Activities::AgreedOnGoingPublic
2018-08-08T20:59:26.931Z


orange Activities::ReportBecamePublic
2018-08-08T20:59:27.039Z