Helium Program Statistics

11 total issues disclosed

$2,300 total paid publicly

Most disclosed (2 disclosures) — Insecure Direct Object Reference (IDOR)

Disclosed Reports

| Report Title | Vulnerability Type | Disclosed By | Severity | Disclosed on |
|---|---|---|---|---|
| SSRF By adding a custom integration on console.helium.com | Server-Side Request Forgery (SSRF) | th0roid | High | 2021-05-26 |
| Race Condition of Transfer data Credits to Organization Leads to Add Extra free Data Credits to the Organization | Business Logic Errors | eissen5c | Medium | 2020-11-27 |
| Hyperlink Injection on Email Invitation | Open Redirect | eissen5c | Low | 2020-11-24 |
| Account takeover w/o interaction for a user that doesn't have 2fa enabled via 2fa linking and improper auth at /api/2fa/verify | Improper Authentication - Generic | w2w | Medium | 2020-07-26 |
| Read-Only user can delete users | Insecure Direct Object Reference (IDOR) | amr321 | High | 2020-07-10 |
| HTTP request Smuggling | HTTP Request Smuggling | dracomalfoy | High | 2020-07-02 |
| Read-only user can delete higher privileged members using open DELETE /api/memberships/<membershipID> endpoint | Privilege Escalation | chipped | Medium | 2020-06-29 |
| unpermitted user can change the device name of admin account | None supplied | error___404 | High | 2020-06-16 |
| Cleartext Transmission of Sensitive Information Leads to administrator access | Cleartext Transmission of Sensitive Information | kdr9666 | Medium | 2020-05-30 |
| Organization Takeover | Improper Access Control - Generic | azraelsec | High | 2020-05-27 |
| Organization Takeover via invitation API | Insecure Direct Object Reference (IDOR) | azraelsec | Medium | 2020-05-27 |