BugCrowd Bug Bounty Disclosure: P1 – Critical Local File Read in Electron Desktop App – By Renwa

The below information is fully automated and the information is captured from the BugCrowd Disclosure website. The information was correct at the time of posting.

Program


Program Information

asana

asana

Details


Additional Information

  • Priority: P1

Renwa found a vulnerability in our Asana Desktop app that allowed a malicious actor to read local machine files that the user running the Asana Desktop app has access to if redirected to a malicious URL. We fixed this vulnerability within hours of the report and deployed a new Asana Desktop release within the next few days with the patch.We track Bugcrowd submissions internally but we didn’t follow up with this submission and close it out until a few months after the fix. We’ve been working on closing that process gap to ensure that we quickly respond to all our security researchers.

Submitted By


Submitter Information

  • Hacker Points: 2293
  • Hacker Accuracy: 100.0%
  • Hacker Rank: 169th

Renwa


A considerable amount of time and effort goes into maintaining this website, creating backend automation and creating new features and content for you to make actionable intelligence decisions. Everyone that supports the site helps enable new functionality.

If you like the site, please support us on Patreon using the button below

Digital Patreon Wordmark FieryCoralv2

To keep up to date follow us on the below channels.

join
Click Above for Telegram
discord
Click Above for Discord
reddit
Click Above for Reddit
hd linkedin
Click Above For LinkedIn