Vulnerability Summary
HackerOne disclosed report --> https://hackerone.com/reports/3475626 by dphoeniixx
Hello LinkedIn Security Team,
I was able to identify a vulnerability in the WebViewerFragment that can lead to leaking the user's cookies to a threat actor. Below, I will explain the finding and provide a PoC.
A static field (CUSTOM_HEADERS) in WebViewerFragment persists cookies across different URL loads, allowing an attacker to chain multiple weaknesses to exfiltrate a victim's LinkedIn session cookies to an attacker-controlled server.
HackerOne disclosed report --> https://hackerone.com/reports/3584903 by nobcoder
HackerOne disclosed report --> https://hackerone.com/reports/3426417 by sy2n0
HackerOne disclosed report --> https://hackerone.com/reports/3456148 by undefined