U.S. General Services Administration Bug Bounty Program Statistics | BugBountyHunter.com

U.S. General Services Administration Program Statistics

8 total issues disclosed

$0 total paid publicly

Most disclosed (1 disclosures) — Cross-Site Request Forgery (CSRF)

Disclosed Reports

Report Title	Vulnerability Type	Disclosed By	Severity	Disclosed on
[Transportation Management Services Solution 2.0] Improper authorization at tmss.gsa.gov leads to data exposure of all registered users	Improper Authorization	alexandrio	Critical	2021-12-08
Unauthorized access to employee panel with default credentials.	Authentication Bypass Using an Alternate Path or Channel	7azimo	High	2021-11-13
Web Cache Poisoning leading to DoS	Denial of Service	letm3through	Medium	2021-11-08
Path Traversal on meetcqpub1.gsa.gov allows attackers to see arbitrary file listings.	Path Traversal	0x0luke	Low	2021-10-02
e-mail verification bypass through interception & modification of response status	Violation of Secure Design Principles	rajeshpatil	No rating	2021-09-02
Account takeover through multistage CSRF at https://autochoice.fas.gsa.gov/AutoChoice/changeQAOktaAnswer and ../AutoChoice/changePwOktaAnswer	Cross-Site Request Forgery (CSRF)	rajeshpatil	Medium	2021-07-23
Weak password policy leading to exposure of administrator account access	Misconfiguration	rajeshpatil	Critical	2021-05-20
TAMS registration details API for admins open at https://tamsapi.gsa.gov/user/tams/api/usermgmnt/pendingUserDetails/	Insecure Direct Object Reference (IDOR)	skarsom	High	2021-05-07