Flaw in Google Bug Tracker Exposed Reports About Unpatched Vulnerabilities

Google’s Issue Tracker, also known internally as the “Buganizer,” contained until recently a vulnerability that would allow an external party access to any unpatched bug listed and described in the database.

Alex Birsan, a software developer and hobbyist bug-hunter, collected more than $15,000 in bounties for finding this bug and two other unrelated flaws in the Issue Tracker. The most critical of the three vulnerabilities allowed him to manipulate a request to the system that would elevate his privileges and provide him access to every detail about a particular vulnerability.

Full Article: https://threatpost.com/flaw-in-google-bug-tracker-exposed-reports-about-unpatched-vulnerabilities/128687/