An organization has the ability to invite external participants not belonging to their organization to a bug report. The invited user is sees partial data and metadata of a bug in the UI after they accept the invitation. However, in this case I have discovered a way that will make a participant view more data that what is allowed. The data consists of program profile picture, twitter handle, website, about and the asset details to which the report belongs.
https://hackerone.com/reports/2580982