Lark Technologies


8 total issues disclosed

$17,050 total paid publicly


Most disclosed (4 disclosures) — Server-Side Request Forgery (SSRF)

View disclosed reports



Disclosed Reports


Report Title Vulnerability Type Disclosed By Severity Disclosed on
Non privileged user is able to approve his own app himself leading to mass privilege escalations. Privilege Escalation imran_nisar High 2021-11-20
Attacker is able to join any tenant on larksuite and view personal files/chats. Privilege Escalation imran_nisar Critical 2021-11-03
[Lark Android] Vulnerability in exported activity WebView Cross-site Scripting (XSS) - Generic shell_c0de Medium 2021-07-22
Improper Access Control on Lark Footer Feature Improper Access Control - Generic imran_nisar High 2021-05-18
SSRF with information disclosure Server-Side Request Forgery (SSRF) jin0ne Medium 2021-04-27
Server Side Request Forgery Server-Side Request Forgery (SSRF) jin0ne Critical 2021-03-29
Server Side Request Forgery Server-Side Request Forgery (SSRF) jin0ne Critical 2021-03-29
Stored XSS & SSRF in Lark Docs Server-Side Request Forgery (SSRF) mike12 Critical 2021-02-05