Why can't I see the details?

[OBB74286025]

I recently received 2 vulnerability reports, which are correctly associated to the OBB program I set up for my domains. However, even when logged in, I cannot see any of the details the researcher entered.

Kind of hard to fix things without any information of what's broken

In the past I have not had any trouble like this. Does anyone know of any issues causing this, or what I could do to figure out why it is happening?

Related OBB reports:
https://www.openbugbounty.org/reports/707950
https://www.openbugbounty.org/reports/707951

[s3r_epixin]

Details of the reports are hidden by researcher, please contact the researcher by email.

[OBB74286025]

They can do that? Why would someone intentionally hide the details from whom they are reporting to? That completely negates almost every benefit of what OBB provides.

Will work directly with researcher to get the info, but this still seems like a system issue to me though.

[GordSchramm]

They can do that? Why would someone intentionally hide the details from whom they are reporting to? That completely negates almost every benefit of what OBB provides.

Will work directly with researcher to get the info, but this still seems like a system issue to me though.

Ok. Do not take me wrong with this. There could be various reasons. 1) divulging the the vuln might be accidentally be revealed to someone else that has no business knowing what it is.....2) a lot of times researchers want to be thanked for what they do....example...a researcher finds the vuln..............a website owner fixes the vuln when disclosed.....but the researcher gets no thanks for what they have done.......remember, do not take this the wrong way.....a great majority of us want to help....we just feel that sometimes a fix is not recognized...

Kind Regards,

[OBB74286025]

They can do that? Why would someone intentionally hide the details from whom they are reporting to? That completely negates almost every benefit of what OBB provides.

Will work directly with researcher to get the info, but this still seems like a system issue to me though.

Ok. Do not take me wrong with this. There could be various reasons. 1) divulging the the vuln might be accidentally be revealed to someone else that has no business knowing what it is.....2) a lot of times researchers want to be thanked for what they do....example...a researcher finds the vuln..............a website owner fixes the vuln when disclosed.....but the researcher gets no thanks for what they have done.......remember, do not take this the wrong way.....a great majority of us want to help....we just feel that sometimes a fix is not recognized...

Kind Regards,

For #1, do you mean not having that detail shown to the world once the "Scheduled Public Disclosure" date is reached? I could understand that, to an extent. Although one of the reasons for public disclosure is to help motivate web site owners to act promptly. But sure, if the details contained some sort of trade-secret level of info, then yes that should probably be left out of the report and communicated privately.

For #2, I don't really see how withholding information is going to aid in recognition. The whole point of OBB is to foster the whole process and highly encourages said recognition. By avoiding the key ingredient in the mechanism of OBB, it would actually hinder resolution, and thus reduce recognition thereof. In my case, it just slowed things down, and had no bearing one way or the other on any recognition.

[GordSchramm]

I absolutely agree with you....since you are apart of the bug bounty program, I do believe that info on the vulnerability should be available to you. Best thing to do is to address this to the admin of OBB.

Kind Regards,

Gord

[x1admin]

I recently received 2 vulnerability reports, which are correctly associated to the OBB program I set up for my domains. However, even when logged in, I cannot see any of the details the researcher entered.

Kind of hard to fix things without any information of what's broken

In the past I have not had any trouble like this. Does anyone know of any issues causing this, or what I could do to figure out why it is happening?

Related OBB reports:
https://www.openbugbounty.org/reports/707950
https://www.openbugbounty.org/reports/707951

By default report details auto disclosure to bug bounty owners but for current reports researcher disabled this option when create report. Please contact researcher directly.