Do you want to offer some? It's not clear this even bypassed payment that should have been due. That would be worse, and still not really a vulnerability.
> Think of all the spam that would have happened, had this been discovered on underground black-hat forums.
What spam would have happened as a result of early access to a new Cloudflare feature, that's independent of any (other) bugs/security flaws in that feature?
(Also, even with the actual vulnerability here, what 'spam' would have happened? This hijacks recieving. Worse, yes, but I don't see how it helps spammers.)
Accessing functionality you should not otherwise have access to is by definition a vulnerability. CF apparently agrees since they paid out a bounty for it.
> CF apparently agrees since they paid out a bounty for it.
Not really, it was mentioned as part of a report of the main, much more critical issue of 'hijacking email with Cloudflare Email Routing' - note that's the title itself, not 'accessing a cloudflare beta feature'...
> Think of all the spam that would have happened, had this been discovered on underground black-hat forums.
What spam would have happened as a result of early access to a new Cloudflare feature, that's independent of any (other) bugs/security flaws in that feature?
(Also, even with the actual vulnerability here, what 'spam' would have happened? This hijacks recieving. Worse, yes, but I don't see how it helps spammers.)