HomeVulnz

Recent Activity
ActivePublic

Recent Activity

Oct 29 2022

avm99963 changed the visibility for T25: Subscriptions to saved filters trigger email notifications for unauthorized threads.
Oct 29 2022, 4:01 AM · Unknown Object (Project)
avm99963 closed T25: Subscriptions to saved filters trigger email notifications for unauthorized threads, a subtask of T26: Missing access control in methods v2/users:search and v2/users/status:batchUpdate, as Verified.
Oct 29 2022, 4:01 AM · Unknown Object (Project)
avm99963 closed T25: Subscriptions to saved filters trigger email notifications for unauthorized threads as Verified.

T25#429 is now fixed (Google notified me on Feb 19, 2022, and I could verify it now). Thus, publishing the whole report.

Oct 29 2022, 4:01 AM · Unknown Object (Project)

Jul 15 2022

avm99963 edited the content of Vulnerability Reports Lifecycle.
Jul 15 2022, 3:22 PM · Unknown Object (Project)

Oct 24 2021

avm99963 updated the task description for T25: Subscriptions to saved filters trigger email notifications for unauthorized threads.
Oct 24 2021, 6:48 PM · Unknown Object (Project)
avm99963 added a comment to T25: Subscriptions to saved filters trigger email notifications for unauthorized threads.

I just checked T25#429 hasn't been fixed yet, so I just sent a message in the Buganizer bug to state that.

Oct 24 2021, 6:48 PM · Unknown Object (Project)
avm99963 changed the visibility for T26: Missing access control in methods v2/users:search and v2/users/status:batchUpdate.
Oct 24 2021, 6:45 PM · Unknown Object (Project)
avm99963 changed the status of T26: Missing access control in methods v2/users:search and v2/users/status:batchUpdate from Fixed to Verified.

Google sent the automatic "Our systems show that all the bugs we created based on your report have been fixed by the product team" message on Jul 3, 2021, so I'm marking this as verified.

Oct 24 2021, 6:44 PM · Unknown Object (Project)

Jun 26 2021

avm99963 updated the task description for T26: Missing access control in methods v2/users:search and v2/users/status:batchUpdate.
Jun 26 2021, 8:39 PM · Unknown Object (Project)
avm99963 closed T26: Missing access control in methods v2/users:search and v2/users/status:batchUpdate as Fixed.

I'm marking this report as fixed since I've just checked that all the reproduction steps shared here don't work anymore (the endpoints seem to be properly protected now).

Jun 26 2021, 8:38 PM · Unknown Object (Project)
avm99963 added a comment to T26: Missing access control in methods v2/users:search and v2/users/status:batchUpdate.

On Jun 15, 2021 I contacted Google:

Jun 26 2021, 8:28 PM · Unknown Object (Project)

Jun 15 2021

avm99963 changed the visibility for T23: Avatars can be set to custom URLs and displayed in the Google Forums without using a proxy.
Jun 15 2021, 12:11 PM · Unknown Object (Project)
avm99963 closed T23: Avatars can be set to custom URLs and displayed in the Google Forums without using a proxy as Verified.

This has been fixed a long time ago by Google. Unrestricting access.

Jun 15 2021, 12:11 PM · Unknown Object (Project)

Panel Used By

Event Timeline

avm99963 renamed this panel from to Recent Activity.Apr 25 2018, 9:24 PM
avm99963 edited an edge.
avm99963 changed the visibility from "Public (No Login Required)" to "All Users".
avm99963 changed the visibility from "All Users" to "Public (No Login Required)".