Public Uber bug reports.

Team Bounty Title
Uber - Session not expired When logout [partners.uber.com]
Uber $2,000 phone number exposure for riders/drivers given email/uuid
Uber $8,500 SAML Authentication Bypass on uchat.uberinternal.com
Uber $5,000 Authentication bypass on auth.uber.com via subdomain takeover of saostatic.uber.com
Uber - deleting payment profile during active trip puts account into arrears but active trip is temporarily “free”
Uber $2,500 SQL injection in 3rd party software Anomali
Uber $1,500 pam-ussh may be tricked into using another logged in user's ssh-agent
Uber $2,500 Authorization issue in Google G Suite allows DoS through HTTP redirect
Uber $1,000 ability to retrieve a user's phone-number/email for a given inviteCode
Uber $1,000 Subdomain takeover on rider.uber.com due to non-existent distribution on Cloudfront
Uber $10,000 password reset token leaking allowed for ATO of an Uber account
Uber $500 Users can falsely declare their own Uber account info on the monthly billing application
Uber $100 Stealing users password (Limited Scenario)
Uber $5,000 Changing paymentProfileUuid when booking a trip allows free rides
Uber - Attacker could setup reminder remotely using brute force
Uber $10,000 Reading Emails in Uber Subdomains
Uber - XSS At "pages.et.uber.com"
Uber - Content injection on 404 error page at faspex.uber.com
Uber - User Enumeration and Information Disclosure
Uber $3,000 Missing authorization checks leading to the exposure of ubernihao.com administrator accounts
Uber $500 Blind OOB XXE At "http://ubermovement.com/"
Uber - Can add employee in business.uber.com without add payment method
Uber - Text Only Content Spoofing on ubermovement.com Community Page
Uber $5,000 Stored XSS on developer.uber.com via admin account compromise
Uber $2,000 [IODR] Get business trip via organization id
Uber $3,000 Get organization info base on uuid
Uber $1,000 newsroom.uber.com is vulnerable to 'SOME' XSS attack via plupload.flash.swf
Uber $4,000 SQL Injection on sctrack.email.uber.com.cn
Uber $2,250 Subdomain takeover of translate.uber.com, de.uber.com and fr.uber.com
Uber - Server version disclosure
Uber $1,000 Wordpress Vulnerabilities in transparencyreport.uber.com and eng.uber.com domains
Uber - faspex.uber.com uses an invalid SSL certificate
Uber - Authentication Issue for easter egg on bonjour.uber.com
Uber - Command Injection, Information
Uber - Server version disclosure: team.uberinternal.com
Uber - Error Message on 404 page
Uber - Self-XSS in Partners Profile
Uber $7,000 xss in https://www.uber.com
Uber $1,500 Bulk UUID enumeration via invite codes
Uber - Bruteforce INVITE codes easy way
Uber - Email Address Enumeration
Uber $750 Brute-Forcing invite codes in partners.uber.com
Uber - Newsroom.uber HTML form without CSRF protection
Uber $10,000 Change any Uber user's password through /rt/users/passwordless-signup - Account Takeover (critical)
Uber - Email Enumeration Vulnerability
Uber - Password Reset Does Not Confirm the Existence of an Email Address
Uber - Header Injection
Uber $750 xss vulnerability in http://ubermovement.com/community/daniel
Uber - Uber is Flooding my Mobile with SMS Daily like a cron JOB
Uber - XSS in people.uber.com
Uber - DOM based XSS on
Uber - Phone Number Enumeration
Uber $7,000 OneLogin authentication bypass on WordPress sites via XMLRPC
Uber - Self-XSS on partners.uber.com
Uber - Clickjacking in love.uber.com
Uber $8,000 [CRITICAL] -- Complete Account Takeover
Uber - Compromising Atlassian Confluence (team.uberinternal.com) via WordPress (newsroom.uber.com)
Uber $10,000 OneLogin authentication bypass on WordPress sites
Uber - Missing authentication on Notification setting
Uber $5,000 Multiple vulnerabilities in a WordPress plugin at drive.uber.com
Uber - Uber for Business Allows Administrators to Change Uber Driver Ratings Due to Failure to Authenticate `fast-rating` Endpoint
Uber - Defect-Security | Driver-Broken Authentication | Able to update the Subscription Setting anonymously
Uber - Stored self-XSS at m.uber.com
Uber $2,000 Reflected XSS via Livefyre Media Wall in newsroom.uber.com
Uber - Information Disclosure on lite.uber.com
Uber - CrashPlan Backup is Vulnerable Allowing to a DoS Attack Against Uber's Backups to `backup.uber.com`
Uber $7,500 Stored XSS in developer.uber.com
Uber - XSS via password recovering
Uber - XSS in uber oauth
Uber - Unsubscribe any user from receiving email
Uber - Requested and received edit access to Google form
Uber - developer.uber.com/404 and developer.uber.com/docs/404 are susceptible to iframes
Uber - reopen #128853 (Information disclosure at lite.uber.com)
Uber - Disclosure of ways to the site root
Uber - User credentials are not strong on vault.uber.com
Uber - Information disclosure at lite.uber.com
Uber - Enumerating userIDs with phone numbers
Uber $5,000 Stored XSS on newsroom.uber.com admin panel / Stream WordPress plugin
Uber $250 Easy spam with USE My PHONE Feature
Uber - Session Impersonation in riders.uber.com
Uber $5,000 Information regarding trips from other users
Uber $5,000 Possibility to get private email using UUID
Uber $3,000 Possible to View Driver Waybill via Driver UUID
Uber - Use Partner/Driver App Without Being Activated
Uber - Brute Forcing rider-view Endpoint Allows for Counting Number of Active Uber Drivers
Uber $3,000 Stored XSS in archive.uber.com Due to Injection of Javascript:alert(0)
Uber - It is possible to re-rate a driver after a very long time
Uber - Pixel flood attack in https://riders.uber.com/profile
Uber - Disclosure of ip addresses in local network of uber
Uber - SMS Flood with Update Profile
Uber - Changing Driver Passwords With Only an Authenticated Session (no password, no email)
Uber - Uploading Plain Text to uber-documents.s3.amazonaws.com Through the Driver Document Upload Page
Uber - Uber password reset link EMAIL FLOOD
Uber - Privilege escalation to allow non activated users to login and use uber partner ios app
Uber - text injection in get.uber.com/check-otp
Uber $500 CBC "cut and paste" attack may cause Open Redirect (even XSS)
Uber $750 XSS In archive.uber.com Due to Mime Sniffing in IE
Uber $1,000 CSV Injection in business.uber.com
Uber $2,000 Stored XSS in drive.uber.com WordPress admin panel
Uber - Cross-site Scripting (XSS)
Uber - CRLF Injection in developer.uber.com
Uber $10,000 uber.com may RCE by Flask Jinja2 Template Injection
Uber $3,000 SQL injection in Wordpress Plugin Huge IT Video Gallery at https://drive.uber.com/frmarketplace/
Uber $3,000 Reflected XSS via Unvalidated / Open Redirect in uber.com
Uber - Session retention is present which reveals the customer info
Uber - Brute Force Amplification Attack
Uber - CSRF on eng.uber.com may lead to server-side compromise
Uber $5,000 Possibility to brute force invite codes in riders.uber.com
Uber - Stored Cross Site Scripting [SELF] in partners.uber.com
Uber $3,000 Dom Based Xss
Uber $500 Estimation of a Lower Bound on Number of Uber Drivers via Enumeration
Uber $3,000 Avoiding Surge Pricing
Uber - Create account in uber without signup form
Uber $2,000 Bypassing Uber Partner's 3 Cancel Limit
Uber $3,000 Lack of rate limiting on get.uber.com leads to enumeration of promotion codes and estimation of a lower bound on the number of Uber drivers
Uber $3,000 SQLi in love.uber.com
Uber - XSS on love.uber.com
Uber - HTML Escaping Error in the 404 Page on developer.uber.com/docs/
Uber $1,500 Lack of CNAME/A Record Trimming Pointing Uber Domains to Insecure Non-Uber AWS Instances/Sites
Uber $3,000 XSS in getrush.uber.com
Uber - Listing of http://archive.uber.com/pypi/simple/
Uber - Self-XSS Vulnerability on Password Reset Form
Uber $3,000 Reflected XSS on developer.uber.com via Angular template injection
Uber $500 Open Redirect in m.uber.com
Uber - Cross-site Scripting (XSS) autocomplete generation in https://www.uber.com/
Uber - Active Email Hyperlink Sent on riders.uber.com
Uber $500 Open Redirection on Uber.com
Uber $3,000 Reflected XSS on Uber.com careers
Uber $250 Multiple Vulnerabilities (Including SQLi) in love.uber.com
Uber $3,000 XSS @ love.uber.com
Uber - Unauthorized file (invoice) download
Uber $500 Drivers can change profile picture
Uber $1,000 Mass Assignment Vulnerability in partners.uber.com
Uber $100 Issue with Password reset functionality
Uber $500 XSS on partners.uber.com