writeups.xyz / GitHub Security Lab audited DataHub: Here’s what they found

Submitter : c2a

Date: 3 March 2023

Bounty : undisclosed

Vulnerabilities :

• SSRF
• Insecure Deserialization
• Cypher Injection
• Authentication Bypass
• Authorization Bypass
• XSS
• Open Redirect
• JWT
• JSON Injection
• Cryptographic Issues
• Session Expiration Issue
• Security Code Review

Programs :

• DataHub

Authors :

• Alvaro Muñoz (@Pwntester)
• Michael Stepankin (@Artsploit)
• Peter Stöckli (@Ulldma)
• Kevin Stubbings
• Jorge Rosillo (@Jorge_ctf)
• Sylwia Budzynska

Link :
https://github.blog/2023-03-03-github-security-lab-audited-datahub-heres-what-they-found/