When accessing the advanced vetting settings of a sandboxed testing program, a peculiar behavior can be noted. Navigating to the advanced vetting page of any program (e.g., hackerone.com/$handle/advanced_vetting) results in the page loading, even without explicit permissions. However, no confidential information is exposed, as the associated GraphQL request enforces restrictions on unauthorized users, displaying only the appropriate content.
https://hackerone.com/reports/2381253