what if, the response has: Access-Control-Allow-Origin: * but, no "allow-credentials" popped on headers response. Is like, vulnerable in a real case scenario?
That totally depends. In a Penetration Test it's a finding with low CVSS score. In Bug Bounty it's usually closed as informative however I had 2 companies pay me as a low. Normally they say in the Ts and Cs. CORS with impact. To pass cookies and make it impactful you need the allow credentials. Hope that makes sense?
Not necessarily. A 302 is a temporary redirect. you should check how the redirect is initiated. If it's via "Location" usually you cant pull anything meaningful of. Sometimes however it will redirect via window.location and then you might be able to introduce XSS
For Bug Bounty you often don't need to exploit it and just report the reflected headers. Some will accept it and some won't. For impact it depends. Take a look at the CORS labs from the Web Security Academy. Typically you make an Ajax call from your own host to a sensitive (behind login) function
Ensure that the server only allows trusted origins to make cross-origin requests by properly configuring the Access-Control-Allow-Origin header. Additionally, use proper authentication and authorization mechanisms to prevent unauthorized access to sensitive resources.