This repository provides public security resources of StrangeBee, like security notes & advisories, policies and more.

Last Security Advisories

2022

• SB-SEC-ADV-2022-001: Authentication bypass due to incomplete checks in the Active Directory authentication module
• SB-SEC-ADV-2022-002: Unauthentified API endpoint leaking data

2023

• SB-SEC-ADV-2023-001: Reporting – Stored Cross-Site Scripting
• SB-SEC-ADV-2023-002: Attachment – Stored Cross-Site Scripting
• SB-SEC-ADV-2023-003: Branding Logo – Reflected Cross-Site Scripting
• SB-SEC-ADV-2023-004: MFA - Lack of Lockout Policy
• SB-SEC-ADV-2023-005: Username Enumeration

2024

• SB-SEC-ADV-2024-001: Username Enumeration

Policies

• StrangeBee Responsible Vulnerability Disclosure policy