UPchieve Program Statistics

View program

8 total issues disclosed

$0 total paid publicly

Most disclosed (4 disclosures) — None supplied

Disclosed Reports

Report Title Vulnerability Type Disclosed By Severity Disclosed on
CORS origin validation failure None supplied jupiter-47 Medium 2021-12-07
Authentication Bypass - Email Verification code bypass in account registration process. None supplied anas_44 Critical 2021-12-07
i can join without user and pass in this website https://argocd.upchieve.org/settings/accounts Reusing a Nonce, Key Pair in Encryption 4pag High 2021-08-18
CLICKJACKING LEADS TO DEACTIVATE ACCOUNT UI Redressing (Clickjacking) scianto05 Low 2021-08-16
Password reset token leak on third party website via Referer header Storing Passwords in a Recoverable Format n1had Medium 2021-08-10
Session Hijacking leads to full control of account by attacker None supplied sampritdas None 2021-06-24
User enumeration through forget password None supplied mr-zero High 2021-05-16
Zero click account Takeover due to Api misconfiguration 🏂🎩 Improper Access Control - Generic zero_or_1 Critical 2021-05-14