Uber


194 total issues disclosed

$364,450 total paid publicly


Most disclosed (33 disclosures) — Improper Authentication - Generic
Disclosed Reports


Report Title | Vulnerability Type | Disclosed By | Severity | Disclosed on
Publicly exposed HashiCorp Vault (Secrets management) at usec-gcp-staging.uberinternal.com & usec-gcp.uberinternal.com | None supplied | ayoubfathi_ | No rating | 2021-08-27
Chain of vulnerabilities in Uber for Business Vouchers program allows for attacker to perform arbitrary charges to victim's U4B payment account | Insecure Direct Object Reference (IDOR) | pmnh | High | 2021-08-12
CVE-2020-3452 - unauthenticated file read on anyconnect.routematch.com | Path Traversal | 0xprial | Medium | 2021-08-05
pam_ussh does not properly validate the SSH certificate authority | Improper Authentication - Generic | penguinsaretasty | Medium | 2021-07-21
API on campus-vtc.com allows access to ~100 Uber users full names, email addresses and telephone numbers. | Information Disclosure | healdb | High | 2021-07-08
IDOR leads to See analytics of Loyalty Program in any restaurant. | Insecure Direct Object Reference (IDOR) | 0xprial | Medium | 2021-05-28
private passenger information is exposed to the Uber Driver app during ride dispatch ("Ping") events | Information Disclosure | beezlewaxin | Medium | 2021-05-14
Unrestricted File Upload Results in Cross-Site Scripting Attacks | Cross-site Scripting (XSS) - Stored | hunt4p1zza | Medium | 2021-05-14
Cross-Tenant IDOR on Business allowing escalation privilege, invitation takeover, and edition of any other Businesses' employees | Privilege Escalation | bubbounty | Medium | 2021-05-14
IDOR leads to leak analytics of any restaurant | Insecure Direct Object Reference (IDOR) | 0xprial | Medium | 2021-04-29
Critical Information disclosure of rtapi token for any user via https://video-support-staging.uber.com/video/api/getPopulousUser | Information Disclosure | m4ll0k | Critical | 2021-03-29
Reflected XSS on https://www.uber.com | None supplied | samux | High | 2021-03-15
Open AWS S3 bucket at ubergreece.s3.amazonaws.com exposes confidential internal documents and files | Information Disclosure | healdb | Low | 2021-03-12
Unauthorized access to █████████.com allows access to Uber Brazil tax documents and system. | Improper Access Control - Generic | healdb | Low | 2021-03-06
[Pre-Submission][H1-4420-2019] API access to Phabricator on code.uberinternal.com from leaked certificate in git repo | Insecure Storage of Sensitive Information | tomnomnom | Critical | 2021-02-25
[First 30] Stored XSS on login.uber.com/oauth/v2/authorize via redirect_uri parameter | Cross-site Scripting (XSS) - Stored | corb3nik | High | 2021-02-25
Pre-auth Remote Code Execution on multiple Uber SSL VPN servers | Command Injection - Generic | orange | Critical | 2021-02-24
[manage.jumpbikes.com] Blind XSS on Jump admin panel via user name | Cross-site Scripting (XSS) - Stored | cablej | Critical | 2021-02-23
duplicate hsts headers lead to firefox ignoring hsts on business.uber.com | None supplied | redshark1802 | Low | 2020-04-30
Reflected XSS and sensitive data exposure, including payment details, on lioncityrentals.com.sg | Cleartext Transmission of Sensitive Information | healdb | High | 2020-04-30
Reflected XSS and sensitive data exposure, including payment details, on lioncityrentals.com.sg | Cleartext Transmission of Sensitive Information | healdb | High | 2020-04-30
Reflected XSS and sensitive data exposure, including payment details, on lioncityrentals.com.sg | Cleartext Transmission of Sensitive Information | healdb | High | 2020-04-30
ubernycmarketplace.com is vulnerable to the Heartbleed Bug | Information Disclosure | healdb | Low | 2020-04-23
Full Path and internal information disclosure+ SQLNet.log file disclose internal network information | None supplied | peroni | Low | 2020-04-23
Change the rating of any trip, therefore change the average driver rating | Business Logic Errors | overjt | Medium | 2020-04-06
Subdomain takeover on mta1a1.spmail.uber.com | Improper Access Control - Generic | 0x3c3e | Medium | 2020-04-06
Sensitive user information disclosure at bonjour.uber.com/marketplace/_rpc via the 'userUuid' parameter | Information Disclosure | appsecure_in | High | 2019-09-09
Sensitive user information disclosure at bonjour.uber.com/marketplace/_rpc via the 'userUuid' parameter | Information Disclosure | appsecure_in | High | 2019-09-09
Lack of proper paymentProfileUUID validation allows any number of free rides without any outstanding balance | Business Logic Errors | eequalsmc2 | Medium | 2019-07-18
Client secret, server tokens for developer applications returned by internal API | Information Disclosure | appsecure_in | No rating | 2019-02-08
Chained Bugs to Leak Victim's Uber's FB Oauth Token | Improper Authentication - Generic | ngalog | High | 2019-01-25
Open Redirect on central.uber.com allows for account takeover | Improper Authentication - Generic | ngalog | High | 2019-01-25
Stored XSS on any page in most Uber domains | Cross-site Scripting (XSS) - Stored | mdv | High | 2018-11-20
Reflected XSS on multiple uberinternal.com domains | Cross-site Scripting (XSS) - Reflected | fady_othman | Medium | 2018-11-13
Reflected XSS in https://eng.uberinternal.com and https://coeshift.corp.uber.internal/ | Cross-site Scripting (XSS) - Reflected | fady_othman | Medium | 2018-11-13
Privacy policy contains hardcoded link using unencrypted HTTP | Code Injection | nightwatch-cybersecurity | Low | 2018-11-13
Possibility to inject a malicious JavaScript code in any file on tags.tiqcdn.com results in a stored XSS on any page in most Uber domains | Cross-site Scripting (XSS) - Stored | mdv | High | 2018-11-13
Open redirect on rush.uber.com, business.uber.com, and help.uber.com | Open Redirect | 4lemon | Low | 2018-11-13
SMS/Call spamming due to truncated phone number | Improper Authentication - Generic | indcyberjoker | Low | 2018-11-13
Delay of arrears notification allows Riders to take multiple rides without paying | Business Logic Errors | djangohack | None | 2018-11-13
No rate limiting on https://biz.uber.com/confirm allowed an attacker to join arbitrary business.uber.com accounts | Improper Authentication - Generic | cablej | Medium | 2018-11-13
Hack The World 2017 Top 2 Bonus | None supplied | nullelite | No rating | 2018-11-13
XSS on partners.uber.com due to no user input sanitisation | Cross-site Scripting (XSS) - Generic | 0x0luke | Low | 2018-10-04
Reflected XSS on Partners Subdomain | None supplied | mefkan | High | 2018-09-16
Information Leakage - GitHub - VCenter configuration scripts, StorMagic usernames and password along with default ESXi root password | None supplied | peuch | Medium | 2018-08-27
Information Leak - GitHub - Endpoint Configuration Details | Information Disclosure | peuch | Medium | 2018-08-27
Improper Access Control on Onelogin in multi-layered architecture | Improper Access Control - Generic | orange | No rating | 2018-08-08
Design Issue at riders.uber.com/profile | Business Logic Errors | ss3 | None | 2017-12-28
muber-id Query Parameter Can Generate SSL-protected Reflected XSS in https://m.uber.com/0-dfffb25d2cf6ceeb0a27.js Endpoint | Cross-site Scripting (XSS) - Reflected | gregoryvperry | Critical | 2017-12-26
lite:sess Query Parameter Can Generate SSL-protected Reflected XSS in https://m.uber.com/0-dfffb25d2cf6ceeb0a27.js Endpoint | Cross-site Scripting (XSS) - Reflected | gregoryvperry | Critical | 2017-12-26
udi-id Query Parameter Can Generate SSL-protected Reflected XSS in https://m.uber.com/0-dfffb25d2cf6ceeb0a27.js Endpoint | Cross-site Scripting (XSS) - Reflected | gregoryvperry | Critical | 2017-12-26
SSL-protected Reflected XSS in https://m.uber.com/0-dfffb25d2cf6ceeb0a27.js Endpoint | Cross-site Scripting (XSS) - Reflected | gregoryvperry | Critical | 2017-12-26
SSL-protected Reflected XSS in m.uber.com | Cross-site Scripting (XSS) - Reflected | gregoryvperry | Critical | 2017-12-26
Configuration and/or source code files on uchat-staging.uberinternal.com can be viewed without OneLogin SSO Authentication | Improper Authentication - Generic | gregoryvperry | Medium | 2017-12-26
It's possible to view configuration and/or source code on uchat.awscorp.uberinternal.com without | Improper Authentication - Generic | gregoryvperry | Medium | 2017-12-26
SSL-protected Reflected XSS in https://m.uber.com/0-dfffb25d2cf6ceeb0a27.js Endpoint | Cross-site Scripting (XSS) - Reflected | gregoryvperry | Critical | 2017-12-26
The Uber Promo Customer Endpoint Does Not Implement Multifactor Authentication, Blacklisting or Rate Limiting | Brute Force | gregoryvperry | High | 2017-12-24
The Microsoft Store Uber App Does Not Implement Server-side Token Revocation | Insufficient Session Expiration | gregoryvperry | Medium | 2017-12-24
The Microsoft Store Uber App Does Not Implement Certificate Pinning | Improper Certificate Validation | gregoryvperry | Critical | 2017-12-24
SAML Authentication Bypass on uchat.uberinternal.com | Improper Authentication - Generic | mishre | High | 2017-09-05
Authentication bypass on auth.uber.com via subdomain takeover of saostatic.uber.com | Improper Authentication - Generic | arneswinnen | Critical | 2017-07-13
deleting payment profile during active trip puts account into arrears but active trip is temporarily “free” | Business Logic Errors | temmyscript | None | 2017-06-28
phone number exposure for riders/drivers given email/uuid | Information Exposure Through an Error Message | vijay_kumar | Medium | 2017-06-02
Session not expired When logout [partners.uber.com] | None supplied | hurthearts | None | 2017-05-27
password reset token leaking allowed for ATO of an Uber account | Improper Authentication - Generic | procode701 | Critical | 2017-05-17
ability to retrieve a user's phone-number/email for a given inviteCode | Information Disclosure | kushal89shah | No rating | 2017-05-17
SQL injection in 3rd party software Anomali | SQL Injection | kazan71p | High | 2017-03-21
pam-ussh may be tricked into using another logged in user's ssh-agent | Improper Authentication - Generic | solardiz | Medium | 2017-03-20
Authorization issue in Google G Suite allows DoS through HTTP redirect | Denial of Service | rijalrojan | High | 2017-02-09
Subdomain takeover on rider.uber.com due to non-existent distribution on Cloudfront | Privilege Escalation | fransrosen | No rating | 2016-12-13
Users can falsely declare their own Uber account info on the monthly billing application | Improper Authentication - Generic | rubyroobs | No rating | 2016-10-20
Stealing users password (Limited Scenario) | Violation of Secure Design Principles | geekboy | No rating | 2016-09-29
Open Redirect in m.uber.com | None supplied | bobrov | No rating | 2016-09-27
Attacker could setup reminder remotely using brute force | Cross-Site Request Forgery (CSRF) | cymtrick | No rating | 2016-09-19
text injection in get.uber.com/check-otp | None supplied | gopinath6 | No rating | 2016-09-16
Changing paymentProfileUuid when booking a trip allows free rides | Cross-Site Request Forgery (CSRF) | temmyscript | No rating | 2016-09-15
Reading Emails in Uber Subdomains | Improper Authentication - Generic | rijalrojan | No rating | 2016-09-14
Bulk UUID enumeration via invite codes | Information Disclosure | vijay_kumar | No rating | 2016-09-08
Get organization info base on uuid | Improper Authentication - Generic | severus | No rating | 2016-09-02
Estimation of a Lower Bound on Number of Uber Drivers via Enumeration | Information Disclosure | ddworken | No rating | 2016-08-24
Wordpress Vulnerabilities in transparencyreport.uber.com and eng.uber.com domains | Improper Authentication - Generic | vivek-p | No rating | 2016-08-24
Multiple vulnerabilities in a WordPress plugin at drive.uber.com | SQL Injection | 0xsyndr0me | No rating | 2016-08-23
newsroom.uber.com is vulnerable to 'SOME' XSS attack via plupload.flash.swf | Code Injection | jamesclyde | No rating | 2016-08-22
XSS At "pages.et.uber.com" | Cross-site Scripting (XSS) - Generic | raghav_bisht | No rating | 2016-08-19
[IDOR] Get business trip via organization id | Improper Authentication - Generic | severus | No rating | 2016-08-15
Missing authorization checks leading to the exposure of ubernihao.com administrator accounts | Information Disclosure | issam_rabhi | No rating | 2016-08-15
[CRITICAL] -- Complete Account Takeover | Improper Authentication - Generic | parth | No rating | 2016-08-15
User Enumeration and Information Disclosure | Information Disclosure | pl_bounty | No rating | 2016-08-12
Brute Force Amplification Attack | Violation of Secure Design Principles | enmach | No rating | 2016-08-12
Content injection on 404 error page at faspex.uber.com | Violation of Secure Design Principles | ak1t4 | No rating | 2016-08-12
CBC "cut and paste" attack may cause Open Redirect(even XSS) | Cryptographic Issues - Generic | orange | No rating | 2016-08-12
Lack of rate limiting on get.uber.com leads to enumeration of promotion codes and estimation of a lower bound on the number of Uber drivers | Information Disclosure | ddworken | No rating | 2016-08-12
Stored XSS on developer.uber.com via admin account compromise | Cross-site Scripting (XSS) - Generic | albinowax | No rating | 2016-08-12
Avoiding Surge Pricing | Violation of Secure Design Principles | nikhil_patil | No rating | 2016-08-11
Blind OOB XXE At "http://ubermovement.com/" | Command Injection - Generic | raghav_bisht | No rating | 2016-08-08
Stored XSS on newsroom.uber.com admin panel / Stream WordPress plugin | Cross-site Scripting (XSS) - Generic | jouko | No rating | 2016-07-27
XSS in people.uber.com | Cross-site Scripting (XSS) - Generic | thezawad | No rating | 2016-07-26
Bruteforce INVITE codes easy way | Violation of Secure Design Principles | blinkms | No rating | 2016-07-26
Brute-Forcing invite codes in partners.uber.com | Violation of Secure Design Principles | mefkan | No rating | 2016-07-26
reopen #128853 (Information disclosure at lite.uber.com) | Information Disclosure | kusl | No rating | 2016-07-26
Missing authentication on Notification setting . | Improper Authentication - Generic | vijay_kumar | No rating | 2016-07-26
Uber for Business Allows Administrators to Change Uber Driver Ratings Due to Failure to Authenticate `fast-rating` Endpoint | Improper Authentication - Generic | ddworken | No rating | 2016-07-26
Self-XSS on partners.uber.com | Cross-site Scripting (XSS) - Generic | cyber__sec | No rating | 2016-07-26
XSS via password recovering | Cross-site Scripting (XSS) - Generic | codequick | No rating | 2016-07-26
Defect-Security | Driver-Broken Authentication | Able to update the Subscription Setting anonymously | Improper Authentication - Generic | punkit | No rating | 2016-07-26
User credentials are not strong on vault.uber.com | Improper Authentication - Generic | bugs3ra | No rating | 2016-07-26
XSS in uber oauth | Cross-site Scripting (XSS) - Generic | zombiehelp54 | No rating | 2016-07-26
Can add employee in business.uber.com without add payment method | Improper Authentication - Generic | severus | No rating | 2016-07-26
Text Only Content Spoofing on ubermovement.com Community Page | Violation of Secure Design Principles | vivek-p | No rating | 2016-07-26
Requested and received edit access to Google form | Information Disclosure | siddiki | No rating | 2016-07-26
Subdomain takeover of translate.uber.com, de.uber.com and fr.uber.com | Privilege Escalation | rojansec | No rating | 2016-07-26
Uber is Flooding my Mobile with SMS Daily like a cron JOB | Violation of Secure Design Principles | anish2good | No rating | 2016-07-26
xss in https://www.uber.com | Cross-site Scripting (XSS) - Generic | netfuzzer | No rating | 2016-07-25
SQL Injection on sctrack.email.uber.com.cn | SQL Injection | orange | No rating | 2016-07-25
xss vulnerability in http://ubermovement.com/community/daniel | Cross-site Scripting (XSS) - Generic | netfuzzer | No rating | 2016-07-21
OneLogin authentication bypass on WordPress sites via XMLRPC | Code Injection | jouko | No rating | 2016-07-16
Change any Uber user's password through /rt/users/passwordless-signup - Account Takeover (critical) | Improper Authentication - Generic | mongo | No rating | 2016-07-14
Lack of CNAME/A Record Trimming Pointing Uber Domains to Insecure Non-Uber AWS Instances/Sites | Information Disclosure | jutsuce | No rating | 2016-07-13
Information regarding trips from other users | Information Disclosure | maluko | No rating | 2016-07-12
Stored self-XSS at m.uber.com | Cross-site Scripting (XSS) - Generic | skavans | No rating | 2016-07-09
Newsroom.uber HTML form without CSRF protection | Cross-Site Request Forgery (CSRF) | mefkan | No rating | 2016-07-08
Error Message on 404 page | None supplied | top | No rating | 2016-07-08
Email Enumeration Vulnerability | None supplied | hussein98d | No rating | 2016-07-08
Self-XSS in Partners Profile | Cross-site Scripting (XSS) - Generic | s0nk3y | No rating | 2016-07-08
Phone Number Enumeration | Information Disclosure | megocode3 | No rating | 2016-07-08
Server version disclosure: team.uberinternal.com | Information Disclosure | benoculars | No rating | 2016-07-08
Command Injection, Information | Command Injection - Generic | khiladibayal | No rating | 2016-07-08
faspex.uber.com uses an invalid SSL certificate | Cryptographic Issues - Generic | ddworken | No rating | 2016-07-08
Authentication Issue for easter egg on bonjour.uber.com | Improper Authentication - Generic | ddworken | No rating | 2016-07-08
Server version disclosure | Information Disclosure | japz | No rating | 2016-07-08
Email Address Enumeration | Violation of Secure Design Principles | mefkan | No rating | 2016-07-08
Header Injection | Denial of Service | mangotango | No rating | 2016-07-08
Clickjacking in love.uber.com | Violation of Secure Design Principles | mangotango | No rating | 2016-07-08
Information Disclosure on lite.uber.com | Information Disclosure | kusl | No rating | 2016-07-08
Stored XSS in developer.uber.com | Cross-site Scripting (XSS) - Generic | albinowax | No rating | 2016-06-27
Possibility to get private email using UUID | Information Disclosure | shmoo | No rating | 2016-06-15
Unauthorized file (invoice) download | Improper Authentication - Generic | ninad | No rating | 2016-06-15
Use Partner/Driver App Without Being Activated | Improper Authentication - Generic | shmoo | No rating | 2016-06-14
SQL injection in Wordpress Plugin Huge IT Video Gallery at https://drive.uber.com/frmarketplace/ | SQL Injection | glc | No rating | 2016-06-14
Possible to View Driver Waybill via Driver UUID | Information Disclosure | shmoo | No rating | 2016-06-14
Unsubscribe any user from receiving email | Violation of Secure Design Principles | ashish_r_padelkar | No rating | 2016-06-14
developer.uber.com/404 and developer.uber.com/docs/404 are susceptible to iframes | None supplied | jreynoldsdev | No rating | 2016-06-14
Disclosure of ways to the site root | Information Disclosure | cyberunit | No rating | 2016-06-14
Information disclosure at lite.uber.com | Information Disclosure | kusl | No rating | 2016-06-14
Multiple Vulnerabilities (Including SQLi) in love.uber.com | None supplied | siddiki | No rating | 2016-06-14
Easy spam with USE My PHONE Feature | Memory Corruption - Generic | decoder | No rating | 2016-06-14
Session Impersonation in riders.uber.com | Improper Authentication - Generic | durga | No rating | 2016-06-14
Brute Forcing rider-view Endpoint Allows for Counting Number of Active Uber Drivers | Information Disclosure | ddworken | No rating | 2016-06-14
Disclosure of ip addresses in local network of uber | Information Disclosure | iad | No rating | 2016-06-14
SMS Flood with Update Profile | Denial of Service | anish2good | No rating | 2016-06-14
Changing Driver Passwords With Only an Authenticated Session (no password, no email) | Violation of Secure Design Principles | ddworken | No rating | 2016-06-14
Uploading Plain Text to uber-documents.s3.amazonaws.com Through the Driver Document Upload Page | Violation of Secure Design Principles | ddworken | No rating | 2016-06-14
Uber password reset link EMAIL FLOOD | Denial of Service | anish2good | No rating | 2016-06-14
Privilege escalation to allow non activated users to login and use uber partner ios app | Privilege Escalation | mini | No rating | 2016-06-14
Possibility to brute force invite codes in riders.uber.com | Violation of Secure Design Principles | r0t | No rating | 2016-06-14
Stored Cross Site Scripting [SELF] in partners.uber.com | Cross-site Scripting (XSS) - Generic | patrik | No rating | 2016-06-14
Create account in uber without signup form | Improper Authentication - Generic | blueberryinfosec | No rating | 2016-06-13
Self-XSS Vulnerability on Password Reset Form | Cross-site Scripting (XSS) - Generic | bhavi | No rating | 2016-06-13
Active Email Hyperlink Sent on riders.uber.com | Violation of Secure Design Principles | rohk | No rating | 2016-06-13
Enumerating userIDs with phone numbers | Information Disclosure | r0t1v | No rating | 2016-06-11
Password Reset Does Not Confirm the Existence of an Email Address | Improper Authentication - Generic | err | No rating | 2016-06-08
Compromising Atlassian Confluence (team.uberinternal.com) via WordPress (newsroom.uber.com) | Privilege Escalation | jouko | No rating | 2016-06-06
OneLogin authentication bypass on WordPress sites | Improper Authentication - Generic | jouko | No rating | 2016-06-06
Bypassing Uber Partner's 3 Cancel Limit | Command Injection - Generic | razeeb | No rating | 2016-05-27
DOM based XSS on | Code Injection | blackzero | No rating | 2016-05-26
Issue with Password reset functionality | Improper Authentication - Generic | ninad | No rating | 2016-05-23
Stored XSS in drive.uber.com WordPress admin panel | Cross-site Scripting (XSS) - Generic | jouko | No rating | 2016-05-14
Drivers can change profile picture | Improper Authentication - Generic | rohk | No rating | 2016-05-12
CrashPlan Backup is Vulnerable Allowing to a DoS Attack Against Uber's Backups to ```backup.uber.com``` | None supplied | ddworken | No rating | 2016-05-10
CRLF Injection in developer.uber.com | None supplied | kirit1193 | No rating | 2016-05-10
Session retention is present which reveals the customer info | Improper Authentication - Generic | blueberryinfosec | No rating | 2016-05-10
XSS on love.uber.com | Cross-site Scripting (XSS) - Generic | iad | No rating | 2016-05-10
Reflected XSS via Livefyre Media Wall in newsroom.uber.com | Cross-site Scripting (XSS) - Generic | mdv | No rating | 2016-05-10
Stored XSS in archive.uber.com Due to Injection of Javascript:alert(0) | Cross-site Scripting (XSS) - Generic | ddworken | No rating | 2016-05-10
Reflected XSS via Unvalidated / Open Redirect in uber.com | None supplied | mdv | No rating | 2016-05-10
Dom Based Xss | Cross-site Scripting (XSS) - Generic | e3xpl0it | No rating | 2016-05-10
Mass Assignment Vulnerability in partners.uber.com | Code Injection | rohk | No rating | 2016-05-10
XSS @ love.uber.com | Cross-site Scripting (XSS) - Generic | siddiki | No rating | 2016-05-07
Cross-site Scripting (XSS) | Cross-site Scripting (XSS) - Generic | djadmin | No rating | 2016-05-07
CSRF on eng.uber.com may lead to server-side compromise | Cross-Site Request Forgery (CSRF) | jouko | No rating | 2016-04-26
SQLi in love.uber.com | SQL Injection | iad | No rating | 2016-04-25
Pixel flood attack in https://riders.uber.com/profile | Denial of Service | pwder | No rating | 2016-04-25
It is possible to re-rate a driver after a very long time | Violation of Secure Design Principles | mohaab007 | No rating | 2016-04-25
Open Redirection on Uber.com | Open Redirect | rohk | No rating | 2016-04-23
XSS In archive.uber.com Due to Mime Sniffing in IE | Cross-site Scripting (XSS) - Generic | ddworken | No rating | 2016-04-06
CSV Injection in business.uber.com | Information Disclosure | ddworken | No rating | 2016-04-06
uber.com may RCE by Flask Jinja2 Template Injection | Code Injection | orange | No rating | 2016-04-06
HTML Escaping Error in the 404 Page on developer.uber.com/docs/ | Cross-site Scripting (XSS) - Generic | ddworken | No rating | 2016-04-06
XSS in getrush.uber.com | Cross-site Scripting (XSS) - Generic | ddworken | No rating | 2016-04-06
Reflected XSS on Uber.com careers | Cross-site Scripting (XSS) - Generic | pavanw3b | No rating | 2016-04-06
Reflected XSS on developer.uber.com via Angular template injection | Cross-site Scripting (XSS) - Generic | albinowax | No rating | 2016-04-05
XSS on partners.uber.com | Cross-site Scripting (XSS) - Generic | redshark1802 | No rating | 2016-03-24
Listing of http://archive.uber.com/pypi/simple/ | Information Disclosure | gopinath6 | No rating | 2016-03-24
Cross-site Scripting (XSS) autocomplete generation in https://www.uber.com/ | Cross-site Scripting (XSS) - Generic | exodia_forbidden_one | No rating | 2016-03-24