TTS Bug Bounty


37 total issues disclosed

$12,450 total paid publicly


Most disclosed (5 disclosures) — Violation of Secure Design Principles

View disclosed reports



Disclosed Reports


Report Title Vulnerability Type Disclosed By Severity Disclosed on
Wordpress Users Disclosure (/wp-json/wp/v2/users/) on data.gov Information Disclosure nagli Medium 2020-07-28
Blind SSRF on https://labs.data.gov/dashboard/Campaign/json_status/ Endpoint Use of Inherently Dangerous Function mariuszpoplawski Medium 2020-07-10
Limited LFI Remote File Inclusion mariuszpoplawski Medium 2020-07-09
HTTP Request Smuggling on https://labs.data.gov HTTP Request Smuggling puppykok High 2020-05-13
open redirect in eb9f.pivcac.prod.login.gov Open Redirect timwhite Low 2020-05-12
SSRF/XSPA in labs.data.gov/dashboard/validate Server-Side Request Forgery (SSRF) haxta4ok00 Medium 2020-05-05
Cache poisoning DoS to various TTS assets Violation of Secure Design Principles nathand High 2020-03-12
Stealing Users OAuth Tokens through redirect_uri parameter Open Redirect manshum12 High 2019-10-01
Nginx misconfiguration leading to direct PHP source code download Information Disclosure tolo7010 High 2019-07-29
SQL injection in https://labs.data.gov/dashboard/datagov/csv_to_json via User-agent SQL Injection harisec Critical 2019-03-22
Multiple Bugs in api.data.gov/signup endpoint leads to send custom messages to Anyone None supplied nuke11 Medium 2018-11-13
Redirect on authorization allows account compromise Improper Authentication - Generic cablej_dds Critical 2018-11-06
Defacement of catalog.data.gov via web cache poisoning to stored DOMXSS Cross-site Scripting (XSS) - Stored albinowax High 2018-11-01
[idp.fr.cloud.gov] Open Redirect Open Redirect bobrov Low 2018-11-01
SSH server compatible with several vulnerable cryptographic algorithms Use of a Broken or Risky Cryptographic Algorithm northivanastan Medium 2018-03-02
CI for [example.gov] can be logged in and accessible Improper Access Control - Generic kunal94 Critical 2018-02-07
Subdomain Takeover Privilege Escalation picklepwns High 2017-11-28
2FA bypass - confirmation tokens don't expire Improper Access Control - Generic muskecan Medium 2017-11-17
Error Page Content Spoofing or Text Injection None supplied dennis95 No rating 2017-11-17
CSRF in generating a new Personal Key Cross-Site Request Forgery (CSRF) streaak2 Medium 2017-11-17
CSRF to change Account Security Keys on secure.login.gov Cross-Site Request Forgery (CSRF) zk34911 Medium 2017-11-01
Cross-Site Request Forgery on the Federalist API (all endpoints), using Flash file on the attacker's host Cross-Site Request Forgery (CSRF) sp1d3rs Medium 2017-09-28
Homo graphs attack Violation of Secure Design Principles ninjan None 2017-09-20
[api.data.gov] Leak Valid API With out Verification - Improper Authentication - Generic lawrenceamer None 2017-09-20
Information disclosure (system username) in the x-amz-meta-s3cmd-attrs response header on federation.data.gov Information Disclosure sp1d3rs Low 2017-09-16
Reflected XSS on the data.gov (WAF bypass+ Chrome XSS Auditor bypass+ works in all browsers) Cross-site Scripting (XSS) - Reflected sp1d3rs Medium 2017-09-15
HTML injection (with XSS possible) on the https://www.data.gov/issue/ using media_url attribute Cross-site Scripting (XSS) - Reflected sp1d3rs Medium 2017-09-15
Server Side Misconfiguration (EMAIL SPOOFING) Improper Authentication - Generic swag01 None 2017-09-14
Email Spoofing - SPF record set to Neutral Violation of Secure Design Principles ramakanthk35 None 2017-09-06
Subdomain take-over of {REDACTED}.18f.gov Privilege Escalation jackds High 2017-09-06
{REDACTED}.data.gov subdomain takeover. Violation of Secure Design Principles edoverflow High 2017-09-06
federalist.18f.gov vulnerable to Sweet32 attack Man-in-the-Middle r0p3 Medium 2017-09-06
Double Stored Cross-Site scripting in the admin panel Cross-site Scripting (XSS) - Stored sp1d3rs Medium 2017-09-05
[IDOR] The authenticated user can restart website build or view build logs on any another Federalist account Insecure Direct Object Reference (IDOR) sp1d3rs Medium 2017-09-05
Race condition on the Federalist API endpoints can lead to the Denial of Service attack Violation of Secure Design Principles sp1d3rs Low 2017-09-05
The user, who was deleted from Github Organization, still can access all functions of federalist, in case he didn't do logout Improper Authentication - Generic sp1d3rs Medium 2017-09-05
The Federalsit session cookie (federalist.sid) is not properly invalidated - backdoor access to the account is possible Insufficient Session Expiration sp1d3rs Low 2017-09-05