Basic auth details is still work on report ( 351555 )
State Resolved (Closed)
Disclosed publicly 2018-08-09T12:43:46.918Z
Reported To
Weakness Information Disclosure
Bounty $100
Collapse


Timeline
submitted a report to Reverb.com .
2018-06-17T16:32:48.048Z

Hi ,
Seem report #351555 is not full fixed where 434762629765715:PQlkrSHPqqjhIBc0MmUkdjcqpps basic auth details are Still work on login

Poc :

https://api.cloudinary.com/v1_1/reverb/usage

Impact

information Disclose

Regards,
Frans

ctennis Activities::BugTriaged
2018-06-22T14:56:26.098Z


m7mdharoun Activities::Comment
2018-07-01T17:35:00.643Z
Hi @ctennis , Is here any update ? Seems the Severity here is not low I've found `Cloudinary API Documentation` can be Harmful https://cloudinary.com/documentation/admin_api#list_upload_presets Example : https://api.cloudinary.com/v1_1/reverb/upload_presets?name=my_preset&unsigned=true&tags=remote&allowed_formats=jpg,png,svg


ctennis Activities::Comment
2018-07-02T16:11:20.875Z
We appreciate the report. We have removed the original disclosure, and are doing final validation testing prior to being able to say this is resolved. We appreciate your patience just a little longer.


Activities::BountyAwarded
2018-07-10T12:31:21.716Z
Thanks for the report.


ctennis Activities::BugResolved
2018-07-10T12:31:30.298Z


m7mdharoun Activities::AgreedOnGoingPublic
2018-07-10T12:43:34.004Z
Thanks for bounty .. please can you change the title to a good one and disclose this report as not full disclosed comments only title and a small summary 🙂


Activities::ReportBecamePublic
2018-08-09T12:43:46.940Z