Hackers, here's an example of HackerOne's Detailed Platform Standards being used to get to a shared and accurate understanding of severity (Critical for a mass sensitive PII leak in this case). Any other examples anyone wants to tag me in? Would appreciate it. cc: @ReconTushar
@scarybeasts @ReconTushar Just curious, are all the triagers aware of this platform standard?
@scarybeasts @ReconTushar Readjusting the severity but not the bounty 🤨
@scarybeasts @ReconTushar Just would like to know: should a zero-click or one-click account takeover via web cache poisoning count as high or critical?
@scarybeasts @ReconTushar Just for the record, I have these disclosed H1 reports on @Cloudflare's public BBP, which aren't marked Crit despite leaking mass sensitive PII, enumerable by IDs (like customer's M356 data, BOX's single access document links, etc.) - #2086301 and #2094346. cc: @eastdakota
@scarybeasts @ReconTushar Hi there! Please have a look at the support portal; support asked me to wait one more week and the ticket was closed automatically.