May 13, 2024, 7:57 p.m. | Mohammed Moiz Pasha

InfoSec Write-ups - Medium infosecwriteups.com

Hundreds of companies’ internal data exposed — Part 2: The FreshService misconfiguration

One misconfiguration, hundreds of companies, thousands of dollars in bounties… again.

Note: This is NOT a vulnerability in Freshservice. This is a misconfiguration affecting a subset of companies using Freshservice, and is caused by a misconfiguration on part of the company using Freshservice for ITSM, not Freshworks.

Introduction:

About a year ago, I found a misconfiguration in Atlassian Cloud instances, which affected hundreds of companies worldwide. The misconfiguration …

bug bounty ethical hacking hacking security vulnerability

Sr. Product Manager

@ MixMode | Remote, US

Information Security Engineers

@ D. E. Shaw Research | New York City

Technology Security Analyst

@ Halton Region | Oakville, Ontario, Canada

Senior Cyber Security Analyst

@ Valley Water | San Jose, CA

Engineer I, S/W QA Cyber Security

@ Boston Scientific | Pune, IN

Application Security and Secure-SDLC Expert

@ CYE | Herzliya, Israel