Uber


Most disclosed vulnerability type (32 disclosures) — Improper Authentication - Generic

ddworken has disclosed the most with 14 reports!

175 total issues disclosed

$281,450 total paid publicly


Accepts reports via HackerOne

Most recently disclosed


duplicate hsts headers lead to firefox ignoring hsts on business.uber.com

Submitted by redshark1802
Bug Type: None supplied

Disclosed on 2020-04-30

Rating: Low


Reflected XSS and sensitive data exposure, including payment details, on lioncityrentals.com.sg

Submitted by healdb
Bug Type: Cleartext Transmission of Sensitive Information

Disclosed on 2020-04-30

Rating: High


ubernycmarketplace.com is vulnerable to the Heartbleed Bug

Submitted by healdb
Bug Type: Information Disclosure

Disclosed on 2020-04-23

Rating: Low


Subdomain takeover on mta1a1.spmail.uber.com

Submitted by 0x3c3e
Bug Type: Improper Access Control - Generic

Disclosed on 2020-04-06

Rating: Medium


Change the rating of any trip, therefore change the average driver rating

Submitted by overjt
Bug Type: Business Logic Errors

Disclosed on 2020-04-06

Rating: Medium


Client secret, server tokens for developer applications returned by internal API

Submitted by appsecure_in
Bug Type: Information Disclosure

Disclosed on 2019-02-08

Rating: No rating


Open Redirect on central.uber.com allows for account takeover

Submitted by ngalog
Bug Type: Improper Authentication - Generic

Disclosed on 2019-01-25

Rating: High


Chained Bugs to Leak Victim's Uber's FB Oauth Token

Submitted by ngalog
Bug Type: Improper Authentication - Generic

Disclosed on 2019-01-25

Rating: High


Stored XSS on any page in most Uber domains

Submitted by mdv
Bug Type: Cross-site Scripting (XSS) - Stored

Disclosed on 2018-11-20

Rating: High


No rate limiting on https://biz.uber.com/confirm allowed an attacker to join arbitrary business.uber.com accounts

Submitted by cablej
Bug Type: Improper Authentication - Generic

Disclosed on 2018-11-13

Rating: Medium