Salesforce bug hunting to Critical bug

Or how I learned that some bugs are truly rare

Vuk Ivanovic
Published in InfoSec Write-ups, Aug 15, 2022

Ah, yes, third-party services are out of scope 9 times out of 10. But sometimes they're not. Sometimes they're very much in scope. Unlike Zendesk, Salesforce can be misconfigured by its clients or left in a default state that allows access to interesting, not-meant-to-be-publicly-accessible data.

The Bug

It's really simple (for a more complicated and in-depth analysis, check this article).

IT Security and bug bounty hunting, knowledge collector, especially anything with the word quantum, and sometimes writer of fiction.