Nextcloud Bug Bounty Report (CVE-2020-8155)
After listening to an episode of Darknet Diaries about bug bounty programs, I was inspired to make some money finding vulnerabilities in websites. Through HackerOne, I discovered Nextcloud's bug bounty program.
How I found the vulnerability
While looking at the list of in-scope targets, I saw that one was a PDF viewer, and some PDF viewers are vulnerable to XSS attacks.
After seeing that they used pdf.js, I searched for vulnerabilities that affected the version they used.
I found out that the version they used was vulnerable to CVE-2018-5158.
The Report Process
Although the report was only around 150 words, I spent a few hours confirming the exploit and writing it. I link to the report at the bottom of this post.
What Happened
Nextcloud quickly responded, fixed the issue, and submitted a CVE.
They gave me $100, and the vulnerability was given the CVE ID, CVE-2020-8155.
Overall, I am pleased with how they communicated and handled the process.