Vulnerability Summary
HackerOne disclosed report --> https://hackerone.com/reports/3475626 by dphoeniixx
Hello LinkedIn Security Team,
I was able to identify a vulnerability in the WebViewerFragment that can lead to leaking the user's cookies to a threat actor. Below, I will explain the finding and provide a PoC.
A static field (CUSTOM_HEADERS) in WebViewerFragment persists cookies across different URL loads, allowing an attacker to chain multiple weaknesses to exfiltrate a victim's LinkedIn session cookies to an attacker-controlled server.
HackerOne disclosed report --> https://hackerone.com/reports/3518571 by alexb_616
HackerOne disclosed report --> https://hackerone.com/reports/3601655 by smlee
HackerOne disclosed report --> https://hackerone.com/reports/3168691 by joejoe5