Greenhouse.io


12 total issues disclosed

$2,900 total paid publicly


Most disclosed (2 disclosures) — Denial of Service

View disclosed reports



Disclosed Reports


Report Title Vulnerability Type Disclosed By Severity Disclosed on
Open S3 Bucket Accessible by any Aws User Improper Access Control - Generic kartarkat Low 2020-05-01
Subdomain Takeover on demo.greenhouse.io pointing to unbouncepages Phishing hacker2202 High 2020-03-05
Debug information disclosure on oauth-redirector.services.greenhouse.io Information Exposure Through Debug Information ajxchapman Medium 2020-02-29
Cache poisoning using NULL bytes and long URLs Improper Null Termination irvinlim Medium 2018-09-16
Bypass of request line length limit to DoS via cache poisoning Denial of Service irvinlim Medium 2018-09-16
DoS through cache poisoning using invalid HTTP parameters Denial of Service irvinlim Medium 2018-05-02
Content Spoofing on link.greenhouse.io Violation of Secure Design Principles ahmed_ezzat_nasr0x No rating 2017-07-27
Open Redirect in <customer>.greenhouse.io Open Redirect cyneox High 2017-07-08
[greenhouse.io] CRLF Injection / Insecure nginx configuration None supplied bobrov No rating 2016-11-02
Subdomain Takeover using blog.greenhouse.io pointing to Hubspot Cross-site Scripting (XSS) - Generic fransrosen No rating 2015-02-26
SMTP protection not used (please read carefully ) Improper Authentication - Generic ashesh No rating 2014-12-07
openssh-server Forced Command Handling Information Disclosure Vulnerability on blog.greenhouse.io Information Disclosure simon90 No rating 2014-10-10