Krisp Program Statistics



11 total issues disclosed

$0 total paid publicly

Most disclosed (1 disclosure) — Deserialization of Untrusted Data



Disclosed Reports


| Report Title | Vulnerability Type | Disclosed By | Severity | Disclosed on |
| --- | --- | --- | --- | --- |
| SQL Injection + Insecure Deserialization leads to Remote Code Execution on https://krisp.ai | Deserialization of Untrusted Data | mikemyers | Critical | 2023-02-22 |
| Authentication bypass for ███ leads to take over any users account. | Missing Authentication for Critical Function | 20_root | Critical | 2022-10-31 |
| Card requirement bypass for business trial | Improper Access Control - Generic | 20_root | Low | 2022-10-21 |
| Authentication CSRF resulting in unauthorized account access on Krisp app | Improper Authentication - Generic | yassineaboukir | High | 2022-06-20 |
| Add more seats by paying less via PUT /v2/seats request manipulation | Improper Input Validation | life__001 | Medium | 2022-06-20 |
| Force User to Accept Attacker's invite [ Restrict user to create account] | Privilege Escalation | sammam | Low | 2022-04-25 |
| Visibility Robots.txt file | Information Disclosure | razahack | No rating | 2022-04-25 |
| [api.krisp.ai] Race condition on /v2/seats endpoint allows bypassing the original seat limit | Time-of-check Time-of-use (TOCTOU) Race Condition | alp | Low | 2022-04-04 |
| Error Page Content Spoofing or Text Injection | Violation of Secure Design Principles | mrirfan___07 | None | 2022-03-09 |
| Unsubscripe linkes leaked | None supplied | blackxxhat | None | 2022-03-09 |
| Log4j CVE-2021–44228 | Code Injection | karthik86 | None | 2021-12-29 |