Several internal applications have open CORS, allowing external folks to access the content

Disclosed by
  • Program: Tesla
  • Disclosed date: over 1 year ago
  • Points: 20
  • Priority: P2 (Bugcrowd VRT priority rating)
  • Status: Resolved (accepted and fixed)
Summary by Tesla

Allowing disclosure with limited visibility since the report contains information about internal hosts

Summary by bigBugGuy

Using a typosquat domain, I was able to get access to a browser that sat on an internal Tesla network, without social engineering anyone. From there, I could access all the open CORS domains:

That response data was then sent back out to me. The team was quick to triage the issue and fix the permissive CORS issue.
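As an added illustration (not Tesla's code or the reporter's tooling), the permissive handler that matches the reported behaviour beside an exact-match allowlist, and an audit helper that probes a handler from an untrusted origin; all origin names are constructed.

```python
"""Permissive CORS: the weak handler beside a hardened one, plus an audit check.
Added example with constructed names; not Tesla's code or the reporter's tooling."""

# Constructed allowlist: exact origins (scheme + host + port) that may read responses.
ALLOWED_ORIGINS = frozenset({
    "https://portal.internal.example",
    "https://admin.internal.example",
})

def cors_headers_permissive(origin: str) -> dict:
    """Weak form matching the reported issue: any Origin is echoed back, so any
    page loaded by a browser that can reach the host can read the response."""
    return {
        "Access-Control-Allow-Origin": origin,
        "Access-Control-Allow-Credentials": "true",
    }

def cors_headers_hardened(origin: str, allowed=ALLOWED_ORIGINS) -> dict:
    """Hardened form: exact-match allowlist, no CORS headers for anyone else.
    Without Access-Control-Allow-Origin the browser refuses the cross-origin read."""
    if origin in allowed:
        return {
            "Access-Control-Allow-Origin": origin,
            "Access-Control-Allow-Credentials": "true",
            "Vary": "Origin",  # keep caches from serving one origin's grant to another
        }
    return {}

def audit_cors(handler, untrusted_origin: str) -> str:
    """Probe a CORS handler from an origin that must not be trusted and classify it.
    On an internal-only host, network reachability is the only access control, so a
    wildcard is as bad as reflection: any page the internal browser loads can read it."""
    hdrs = handler(untrusted_origin)
    acao = hdrs.get("Access-Control-Allow-Origin")
    creds = hdrs.get("Access-Control-Allow-Credentials", "").lower() == "true"
    if acao is None:
        return "closed"
    if acao == "*":
        return "open-wildcard"
    if acao == untrusted_origin:
        return "open-reflected-with-credentials" if creds else "open-reflected"
    return "closed"  # a fixed, different origin was returned; the probe cannot read it

def audit_report(handlers: dict, untrusted_origin: str) -> dict:
    """Run the audit across several apps at once (the report says 'several')."""
    return {name: audit_cors(h, untrusted_origin) for name, h in handlers.items()}

if __name__ == "__main__":
    probe = "https://attacker-controlled.example"  # constructed untrusted origin
    apps = {"legacy-app": cors_headers_permissive, "fixed-app": cors_headers_hardened}
    for name, verdict in audit_report(apps, probe).items():
        print(f"{name}: {verdict}")
```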