Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

Bug Bounty Intelligence

Source: HackerOne public disclosures · updated every 6h

Browse publicly disclosed bug bounty reports from HackerOne. Filter by severity, weakness type, or program. Cross-referenced with CVE IDs where available.

Disclosed Reports
12,219
CVE-linked
1,854
Programs
342
New This Week
10
Severity: All CriticalHighMediumLow
Type: All Information Disclosure 1173 Cross-site Scripting (XSS) … 747 Violation of Secure Design … 719 Improper Access Control - Generic 656 Improper Authentication - Generic 652 Cross-site Scripting (XSS) … 513 Uncontrolled Resource Consumption 483 Cross-site Scripting (XSS) … 461 Cross-Site Request Forgery (CSRF) 421 Privilege Escalation 375
Program filter: kubernetes
Broken link hijacking in https://kubernetes-csi.github.io/docs/drivers.html?highlight=chubaofs#production-drivers
Kubernetes Insecure Temporary File (CWE-377)
Low
2022-03-25
Google storage bucket takeover which is used to load JS file in dashboard.html in "github.com/kubernetes/release" which can lead to XSS
Kubernetes Improper Access Control - Generic (CWE-284)
Medium
2021-12-16
Broken Link Takeover from kubernetes.io docs
Kubernetes Improper Access Control - Generic (CWE-284)
Low
2021-12-16
Broken Github Link Used in deployment docs of "github.com/kubernetes/kompose"
Kubernetes Improper Access Control - Generic (CWE-284)
Medium
2021-12-16
Authenticated kubernetes principal with restricted permissions can retrieve ingress-nginx serviceaccount token and secrets across all namespaces
Kubernetes Privilege Escalation (CAPEC-233)
High
2021-12-04
IPv4 only clusters susceptible to MitM attacks via IPv6 rogue router advertisements
Kubernetes Man-in-the-Middle (CWE-300)CVE-2019-9946CVE-2019-3462
Medium
2021-11-07
Broken link hijacing in https://kubernetes-csi.github.io/docs/drivers.html
Kubernetes Violation of Secure Design Principles (CWE-657)
Medium
2021-11-06
Broken Link Hijacking on kubernetes.io Documentation
Kubernetes Improper Access Control - Generic (CWE-284)
Low
2021-11-06
Tokenless GUI Authentication
Kubernetes Improper Authentication - Generic (CWE-287)
Medium
2021-11-04
Man in the middle using LoadBalancer or ExternalIPs services
Kubernetes Man-in-the-Middle (CWE-300)CVE-2020-8554
Medium
2021-11-04
Man in the middle leading to root privilege escalation using hostNetwork=true (CAP_NET_RAW considered harmful)
Kubernetes Man-in-the-Middle (CWE-300)
Medium
2021-10-08
SSRF for kube-apiserver cloudprovider scene
Kubernetes Server-Side Request Forgery (SSRF) (CWE-918)CVE-2020-8561
Medium
2021-10-07
Holes in EndpointSlice Validation Enable Host Network Hijack
Kubernetes Privilege Escalation (CAPEC-233)CVE-2021-25737
Low
2021-09-05
Node Validation Admission does not observe all oldObject fields
Kubernetes Improper Access Control - Generic (CWE-284)
Medium
2021-09-05
Index Out Of Bounds in protobuf unmarshalling
Kubernetes Buffer Over-read (CWE-126)
None
2021-08-30
kubectl creating secrets from stringData leaves secret in plain text
Kubernetes Cleartext Storage of Sensitive Information (CWE-312)
Low
2021-08-21
Loading YAML in Java client can lead to command execution
Kubernetes Deserialization of Untrusted Data (CWE-502)CVE-2021-25738
Medium
2021-08-07
Bypass apiserver proxy filter
Kubernetes Time-of-check Time-of-use (TOCTOU) Race Condition (CWE-367)CVE-2020-8562
Medium
2021-05-27
SHA512 incorrect on most/many releases
Kubernetes Cryptographic Issues - Generic (CWE-310)
Medium
2021-05-09
Code Injection via Insecure Yaml.load
Kubernetes Code Injection (CWE-94)
Low
2021-05-01
Top Weakness Types
Most Active Programs
ProgramReportsMax $
U.S. Dept Of Defense896
Internet Bug Bounty817
HackerOne609
Nextcloud582
Shopify464
curl439
Node.js third-party modules307
GitLab258
X / xAI250 $2,500
Uber239 $9,895