Low · CVSS 2.5 · Improper Access Control - Generic (CWE-284)
Easy way to create a new Deck board without permission
Vulnerability Summary
HackerOne disclosed report --> https://hackerone.com/reports/2388183 by hakuna
Summary:
Admins can decide which groups are allowed to create boards. But a user who is part of an unauthorized group can easily create a new board by cloning an existing one and renaming it.
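The gap described above, as an added example that is not Nextcloud Deck code and not taken from the report: a small Python model in which the create path enforces the admin's group restriction and the clone path does not, next to a clone that shares the same check. All class, method and group names are hypothetical, and the users and boards are constructed sample data.

```python
"""Constructed model of the access-control gap; not Nextcloud Deck code."""
from dataclasses import dataclass, field
from itertools import count


class Forbidden(Exception):
    """Raised when the caller is not allowed to create a board."""


@dataclass
class Board:
    id: int
    title: str
    owner: str


@dataclass
class BoardService:
    user_groups: dict    # user -> set of group names (constructed data)
    creator_groups: set  # groups the admin allows to create boards
    boards: dict = field(default_factory=dict)
    _ids: count = field(default_factory=lambda: count(1))

    def _require_create(self, user):
        # Single policy check shared by every path that produces a new board.
        if not self.user_groups.get(user, set()) & self.creator_groups:
            raise Forbidden(f"{user} may not create boards")

    def _store(self, title, owner):
        board = Board(next(self._ids), title, owner)
        self.boards[board.id] = board
        return board

    def create(self, user, title):
        self._require_create(user)
        return self._store(title, user)

    def clone_unchecked(self, user, board_id):
        # The gap: the creation restriction is never consulted, so the
        # caller ends up owning a new board. Assumes the source is visible.
        src = self.boards[board_id]
        return self._store(src.title + " copy", user)

    def clone(self, user, board_id):
        # Hardened: cloning yields a new board, so it enforces the same policy.
        self._require_create(user)
        return self.clone_unchecked(user, board_id)
```

When reviewing this class of issue, list every operation that results in a new owned object (create, clone, import, restore) and confirm each one reaches the same permission check.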