HomeVulnz

Recent Activity
ActivePublic

Recent Activity

Oct 24 2021

avm99963 changed the visibility for T26: Missing access control in methods v2/users:search and v2/users/status:batchUpdate.
Oct 24 2021, 6:45 PM · Unknown Object (Project)
avm99963 changed the status of T26: Missing access control in methods v2/users:search and v2/users/status:batchUpdate from Fixed to Verified.

Google sent the automatic "Our systems show that all the bugs we created based on your report have been fixed by the product team" message on Jul 3, 2021, so I'm marking this as verified.

Oct 24 2021, 6:44 PM · Unknown Object (Project)

Jun 26 2021

avm99963 updated the task description for T26: Missing access control in methods v2/users:search and v2/users/status:batchUpdate.
Jun 26 2021, 8:39 PM · Unknown Object (Project)
avm99963 closed T26: Missing access control in methods v2/users:search and v2/users/status:batchUpdate as Fixed.

I'm marking this report as fixed since I've just checked that all the reproduction steps shared here don't work anymore (the endpoints seem to be properly protected now).

Jun 26 2021, 8:38 PM · Unknown Object (Project)
avm99963 added a comment to T26: Missing access control in methods v2/users:search and v2/users/status:batchUpdate.

On Jun 15, 2021 I contacted Google:

Jun 26 2021, 8:28 PM · Unknown Object (Project)

Jun 15 2021

avm99963 changed the visibility for T23: Avatars can be set to custom URLs and displayed in the Google Forums without using a proxy.
Jun 15 2021, 12:11 PM · Restricted Project
avm99963 closed T23: Avatars can be set to custom URLs and displayed in the Google Forums without using a proxy as Verified.

This has been fixed a long time ago by Google. Unrestricting access.

Jun 15 2021, 12:11 PM · Restricted Project
avm99963 added a subtask for T26: Missing access control in methods v2/users:search and v2/users/status:batchUpdate: Unknown Object (Maniphest Task).
Jun 15 2021, 4:13 AM · Restricted Project
avm99963 created T26: Missing access control in methods v2/users:search and v2/users/status:batchUpdate.
Jun 15 2021, 4:11 AM · Restricted Project

Jan 26 2021

avm99963 edited the content of Report a vulnerability to avm99963.
Jan 26 2021, 2:26 PM
avm99963 created an object: Report a vulnerability to avm99963.
Jan 26 2021, 12:44 AM

Sep 15 2020

avm99963 set Vendor to Google on T23: Avatars can be set to custom URLs and displayed in the Google Forums without using a proxy.
Sep 15 2020, 3:03 PM · Restricted Project
avm99963 triaged T23: Avatars can be set to custom URLs and displayed in the Google Forums without using a proxy as Priority-3 priority.
Sep 15 2020, 3:02 PM · Restricted Project

Panel Used By

Event Timeline

avm99963 renamed this panel from to Recent Activity.Apr 25 2018, 9:24 PM
avm99963 edited an edge.
avm99963 changed the visibility from "Public (No Login Required)" to "All Users".
avm99963 changed the visibility from "All Users" to "Public (No Login Required)".