Top 10 publishers:
bobrov: 117
sp1d3rs: 86
geeknik: 84
linkks: 75
jobert: 70
nyymi: 64
someonenobbd: 62
ooooooo_q: 54
guido: 50
haxta4ok00: 49
Now on Twitter: the unofficial HackerOne disclosure timeline.
New Relic disclosed a bug submitted by jon_bottarini: [NR Synthetics] (IDOR) Ability to see full name associated with other New Relic accounts through workaround of #255894 (04 Sep 2020)
New Relic disclosed a bug submitted by jon_bottarini: [Synthetics/Infrastructure/everything] Individual account permissions are not properly managed and inherited on sub accounts (04 Sep 2020)
New Relic disclosed a bug submitted by jon_bottarini: Full name of other accounts exposed through NR API Explorer (another workaround of #476958) (04 Sep 2020)
New Relic disclosed a bug submitted by jon_bottarini: [NR Alerts/Synthetics] IDOR through /policies.json with Synthetics exposes full name of other NR users (04 Sep 2020)
New Relic disclosed a bug submitted by jon_bottarini: Ability to view monitor names of other NR accounts through internal API (v3) via "monitor_id" parameter (04 Sep 2020)
New Relic disclosed a bug submitted by jon_bottarini: Upgrade menu exposes the mobile application token meant to only be visible to administrators (04 Sep 2020)
New Relic disclosed a bug submitted by jon_bottarini: [NR Insights] IDOR - Modify the filter settings for any NR Insights dashboard through internal_api endpoint (04 Sep 2020)
New Relic disclosed a bug submitted by jon_bottarini: Restricted user can bypass permissions restriction to create NR Alert policies (04 Sep 2020)
New Relic disclosed a bug submitted by jon_bottarini: [NR Alerts/Synthetics?] User with no Synthetics permissions can view synthetic monitor details through /internal_api/ endpoint (04 Sep 2020)
New Relic disclosed a bug submitted by jon_bottarini: [NR Alerts] Internal API exposes Synthetics monitor details to a restricted user without view monitor permissions (04 Sep 2020)
New Relic disclosed a bug submitted by jon_bottarini: Permissions leaks the full name of other NR accounts - Regression of #267636 (04 Sep 2020)
New Relic disclosed a bug submitted by jon_bottarini: [NR Infrastructure] Restricted user can update integration provider account name via integrations API (04 Sep 2020)
New Relic disclosed a bug submitted by jon_bottarini: [NR Insights] Data app permissions setting does not fully prevent other users from modifying/changing changing data related to your data app (04 Sep 2020)
New Relic disclosed a bug submitted by jon_bottarini: IDOR via internal_api "users" endpoint (04 Sep 2020)
New Relic disclosed a bug submitted by jon_bottarini: User is able to access and create private synthetics locations without upgrading (regression of #276157) (04 Sep 2020)
New Relic disclosed a bug submitted by jon_bottarini: [NR Synthetics] Restricted User can add/modify alert conditions on monitors without any synthetics privileges (04 Sep 2020)
Brave Software disclosed a bug submitted by drwx: Cross-origin resource sharing misconfiguration (CORS) (04 Sep 2020)
GitHub Security Lab disclosed a bug submitted by someonenobbd: CodeQL query to detect XSLT injections (03 Sep 2020)
GitHub Security Lab disclosed a bug submitted by someonenobbd: Query to find TLS configurations supporting hardcoded insecure versions of the protocol and cipher suites (03 Sep 2020)
GitHub Security Lab disclosed a bug submitted by someonenobbd: [CATENACYBER]: [CPP] CWE-476 Null Pointer Dereference : Another query to either missing or redundant NULL check (03 Sep 2020)
BY DENIS WERNER - @NOBBD -