Security Update News
Update Information
| Title | WakaTime: Unauthorized Disclosure of Private Emails via WakaTime Private Leaderboards |
|---|---|
| Update ID | H1:3279508 |
| Type | hackerone |
| Published | 2025-07-31T14:04:18 |
| Last Updated | 2025-08-03T03:23:03 |
Security Impact
| Severity | NONE |
|---|
AI Analysis
| AI Description | A vulnerability in WakaTime’s private leaderboards exposed users’ private email addresses to leaderboard creators and members, even when emails were set to private. |
|---|---|
| AI Severity | Medium |
| AI Vendor | WakaTime |
| AI Product | WakaTime |
Update Details
The vulnerability allowed unauthorized disclosure of private email addresses of WakaTime users through the private leaderboards feature. The email addresses were exposed to leaderboard creators and members, even when the users had not chosen to make their emails public.