exploitable weaknesses in functionality - CrowdStream

Summary by asad_anwar

Hello,
I found vulnerability in functionality which could lead to exploitable by any low privilege user .

In "https://ads.indeed.com/account/secondary-accounts" there is an options for disable or enable the user right, which was assign by main/super admin

Disable function is not working correctly which allow low user to enable his/her privileges.

Activity

Kyle_indeed Customer published the disclosure report
3 years ago(02 May 2022 07:22:27 UTC)
asad_anwar updated the disclosure summary
4 years ago(23 Oct 2020 23:46:54 UTC)
asad_anwar requested disclosure
5 years ago(07 Jan 2020 23:10:20 UTC)
Jarvis Customer changed the state to Resolved
6 years ago(14 Feb 2019 18:11:07 UTC)
asad_anwar sent a message
6 years ago(30 Oct 2018 21:22:58 UTC)
candydish_indeed Customer sent a message
6 years ago(30 Oct 2018 21:10:39 UTC)
candydish_indeed Customer rewarded asad_anwar
6 years ago(30 Oct 2018 21:09:54 UTC)
candydish_indeed Customer rewarded asad_anwar 10 points
6 years ago(30 Oct 2018 21:09:50 UTC)
candydish_indeed Customer changed the state to Unresolved
6 years ago(30 Oct 2018 21:09:50 UTC)
asad_anwar sent a message
6 years ago(30 Oct 2018 19:03:29 UTC)
candydish_indeed Customer sent a message
6 years ago(29 Oct 2018 18:48:02 UTC)
asad_anwar sent a message
6 years ago(26 Oct 2018 23:59:27 UTC)
trim_bugcrowd sent a message
6 years ago(26 Oct 2018 22:28:29 UTC)
trim_bugcrowd changed the severity to P3
6 years ago(26 Oct 2018 04:10:00 UTC)
trim_bugcrowd changed the state to Triaged
6 years ago(26 Oct 2018 04:09:57 UTC)
asad_anwar sent a message
6 years ago(25 Oct 2018 13:44:49 UTC)
asad_anwar resolved a blocker for Bugcrowd Operations by verifying credentials
6 years ago(25 Oct 2018 13:07:33 UTC)
asad_anwar sent a message
6 years ago(25 Oct 2018 13:07:31 UTC)
asad_anwar sent a message
6 years ago(25 Oct 2018 11:37:54 UTC)
trim_bugcrowd created a blocker on the researcher to verify credentials
6 years ago(24 Oct 2018 23:57:48 UTC)
trim_bugcrowd sent a message
6 years ago(24 Oct 2018 23:57:47 UTC)
asad_anwar resolved a blocker for Bugcrowd Operations by providing information
6 years ago(24 Oct 2018 23:15:08 UTC)
asad_anwar sent a message
6 years ago(24 Oct 2018 23:15:07 UTC)
asad_anwar sent a message
6 years ago(24 Oct 2018 23:03:02 UTC)
trim_bugcrowd created a blocker on the researcher to provide information
6 years ago(24 Oct 2018 22:55:59 UTC)
trim_bugcrowd sent a message
6 years ago(24 Oct 2018 22:55:58 UTC)
asad_anwar resolved a blocker for Bugcrowd Operations by providing information
6 years ago(24 Oct 2018 21:43:15 UTC)
asad_anwar sent a message
6 years ago(24 Oct 2018 21:43:14 UTC)
asad_anwar sent a message
6 years ago(24 Oct 2018 11:53:43 UTC)
asad_anwar sent a message
6 years ago(24 Oct 2018 11:15:16 UTC)
trim_bugcrowd created a blocker on the researcher to provide information
6 years ago(24 Oct 2018 04:21:40 UTC)
trim_bugcrowd sent a message
6 years ago(24 Oct 2018 04:21:40 UTC)
asad_anwar created the submission
6 years ago(23 Oct 2018 18:28:38 UTC)