🚨 Potential Improper Access Control #66

Closed
huntr-helper opened this issue May 21, 2021 · 14 comments

@huntr-helper

👋 Hello, @1Danish-00, @buddhhu, @xditya - a potential high severity Improper Access Control vulnerability in your repository has been disclosed to us.

Next Steps

1️⃣ Visit https://huntr.dev/bounties/1-other-TeamUltroid/Ultroid for more advisory information.

2️⃣ Sign-up to validate or speak to the researcher for more assistance.

3️⃣ Propose a patch or outsource it to our community - whoever fixes it gets paid.


Confused or need more help?

  • Join us on our Discord and a member of our team will be happy to help! 🤗

  • Speak to a member of our team: @JamieSlome


This issue was automatically generated by huntr.dev - a bug bounty board for securing open source code.

@buddhhu
Member

buddhhu commented May 21, 2021

Did anyone connect our organization there? Or are you some random shit?

@xditya xditya closed this as completed May 21, 2021
@the-blank-x

the-blank-x commented May 22, 2021

Azure/ms-rest-nodeauth#117
I assumed the link would be private because it's a security vulnerability but I checked and it's marked as invalid, sorry

@TeamUltroid TeamUltroid deleted a comment from TechiError May 22, 2021
@TeamUltroid TeamUltroid deleted a comment from Atul-Kumar-Jena May 22, 2021
@TeamUltroid TeamUltroid deleted a comment from iAkashPattnaik May 22, 2021
@TeamUltroid TeamUltroid deleted a comment from Atul-Kumar-Jena May 22, 2021
@TeamUltroid TeamUltroid deleted a comment from iAkashPattnaik May 22, 2021
@TeamUltroid TeamUltroid deleted a comment from Atul-Kumar-Jena May 22, 2021
@sppidy sppidy reopened this May 22, 2021
@sppidy
Member

sppidy commented May 22, 2021

We Will Be Fixing this issue soon

@novik8989

Hi @sppidy,

Thanks for the confirmation. So I assume this advisory is valid?

sppidy added a commit that referenced this issue May 22, 2021
We Have Encoded all our APIs. We will merge to Main Branch as soon as we are done with other things.

Co-authored-by: Aakash <BLUE-DEVIL1134@users.noreply.github.com>
Co-authored-by: Aditya <me@xditya.me>
Co-authored-by: Danish <danish@ultroid.tech>
Co-authored-by: buddhhu <buddhuu@users.noreply.github.com>
Co-authored-by: sppidy <spidy@ultroid.tech>
Co-authored-by: Arnab Paryali <Arnabxd@users.noreply.github.com>
Co-authored-by: divkix <divkix@users.noreply.github.com>
Co-authored-by: hellboi_atul <hellboi-atul@users.noreply.github.com>
Co-authored-by: Programming Error <error@notavailable.live>
Co-authored-by: New-dev0 <New-dev0@notavailable.live>
sppidy added a commit that referenced this issue May 22, 2021
* Fixes of Issue#66 [#66]

We Have Encoded all our APIs. We will merge to Main Branch as soon as we are done with other things.

Co-authored-by: Aakash <BLUE-DEVIL1134@users.noreply.github.com>
Co-authored-by: Aditya <me@xditya.me>
Co-authored-by: Danish <danish@ultroid.tech>
Co-authored-by: buddhhu <buddhuu@users.noreply.github.com>
Co-authored-by: sppidy <spidy@ultroid.tech>
Co-authored-by: Arnab Paryali <Arnabxd@users.noreply.github.com>
Co-authored-by: divkix <divkix@users.noreply.github.com>
Co-authored-by: hellboi_atul <hellboi-atul@users.noreply.github.com>
Co-authored-by: Programming Error <error@notavailable.live>
Co-authored-by: New-dev0 <New-dev0@notavailable.live>
@sppidy
Member

sppidy commented May 22, 2021

We Have Fixed This on Dev Branch. We will be Pushing to Main branch As Soon as Possible.

bf55cfb

@sppidy sppidy closed this as completed May 22, 2021
@huntr-helper
Author

📦 A patch has been submitted for this report. 🔗 Check the patch (HEAD...sppidy:dev) or visit the advisory page (https://huntr.dev/bounties/1-other-TeamUltroid/Ultroid) for more information.

@sppidy sppidy reopened this May 22, 2021
@sppidy
Member

sppidy commented May 22, 2021

> Hi @sppidy,
>
> Thanks for the confirmation. So I assume this advisory is valid?

Yes.

sppidy added a commit that referenced this issue May 22, 2021
We Will be Merging this to Main within Tomorrow
@JamieSlome

@sppidy - I can see this was marked as invalid, shall I go ahead and update it to valid?

@sppidy
Member

sppidy commented May 22, 2021

@novik8989 We Have Fixed the Issue in dev branch. We Will be merging this to main branch ASAP.

@sppidy
Member

sppidy commented May 22, 2021

> @sppidy - I can see this was marked as invalid, shall I go ahead and update it to valid?

Yeah Sure

@huntr-helper
Author

📦 A patch has been submitted for this report. 🔗 Check the patch (HEAD...sppidy:dev) or visit the advisory page (https://huntr.dev/bounties/1-other-TeamUltroid/Ultroid) for more information.

@JamieSlome

@sppidy - if @xditya now confirms the patch commit SHA for the fix on the advisory page, and selects you as the fixer, you will get the bounty for the fix, just a heads up!

Cheers 🎉

@huntr-helper
Author

📦 A patch has been submitted for this report. 🔗 Check the patch (HEAD...sppidy:dev) or visit the advisory page (https://huntr.dev/bounties/1-other-TeamUltroid/Ultroid) for more information.

@xditya xditya closed this as completed May 22, 2021
@TeamUltroid TeamUltroid locked as resolved and limited conversation to collaborators May 22, 2021
@TeamUltroid TeamUltroid deleted a comment from buddhhu May 22, 2021