UPchieve Program Statistics
8 total issues disclosed
$0 total paid publicly
Most disclosed (4 disclosures) — None supplied
Disclosed Reports
Report Title | Vulnerability Type | Disclosed By | Severity | Disclosed on |
---|---|---|---|---|
CORS origin validation failure | None supplied | jupiter-47 | Medium | 2021-12-07 |
Authentication Bypass - Email Verification code bypass in account registration process. | None supplied | anas_44 | Critical | 2021-12-07 |
i can join without user and pass in this website https://argocd.upchieve.org/settings/accounts | Reusing a Nonce, Key Pair in Encryption | 4pag | High | 2021-08-18 |
CLICKJACKING LEADS TO DEACTIVATE ACCOUNT | UI Redressing (Clickjacking) | scianto05 | Low | 2021-08-16 |
Password reset token leak on third party website via Referer header | Storing Passwords in a Recoverable Format | n1had | Medium | 2021-08-10 |
Session Hijacking leads to full control of account by attacker | None supplied | sampritdas | None | 2021-06-24 |
User enumeration through forget password | None supplied | mr-zero | High | 2021-05-16 |
Zero click account Takeover due to Api misconfiguration 🏂🎩 | Improper Access Control - Generic | zero_or_1 | Critical | 2021-05-14 |