XBOW found a critical auth bypass (CVE-2024-50334) in Scoold, a widely used open-source Q&A site, fully autonomously! @nicowaisman and I wrote up a post walking through the methodology it used – IMO it's a super cool bug and fascinating trace https://xbow.com/blog/xbow-scoold-vuln/
XBOW – How XBOW found a Scoold authentication bypass

As we shift our focus from benchmarks to real-world applications, we will be sharing some of the most interesting vulnerabilities XBOW has found in real-world, open-source targets. The first of these is an authentication bypass in Scoold, a popular open-source Q&A platform.