REPORTS
PROGRAMS
PUBLISHERS
Now on Twitter
the unofficial
HackerOne
disclosure timeline.
X
b'New Relic'
disclosed a bug submitted by
b'jon_bottarini'
b'[NR Synthetics] (IDOR) Ability to see full name associated with other New Relic accounts through workaround of #255894'
04 Sep 2020
b'New Relic'
disclosed a bug submitted by
b'jon_bottarini'
b'[Synthetics/Infrastructure/everything] Individual account permissions are not properly managed and inherited on sub accounts '
04 Sep 2020
b'New Relic'
disclosed a bug submitted by
b'jon_bottarini'
b'Full name of other accounts exposed through NR API Explorer (another workaround of #476958)'
04 Sep 2020
b'New Relic'
disclosed a bug submitted by
b'jon_bottarini'
b'[NR Alerts/Synthetics] IDOR through /policies.json with Synthetics exposes full name of other NR users'
04 Sep 2020
b'New Relic'
disclosed a bug submitted by
b'jon_bottarini'
b'Ability to view monitor names of other NR accounts through internal API (v3) via "monitor_id" parameter '
04 Sep 2020
b'New Relic'
disclosed a bug submitted by
b'jon_bottarini'
b'Upgrade menu exposes the mobile application token meant to only be visible to administrators '
04 Sep 2020
b'New Relic'
disclosed a bug submitted by
b'jon_bottarini'
b'[NR Insights] IDOR - Modify the filter settings for any NR Insights dashboard through internal_api endpoint'
04 Sep 2020
b'New Relic'
disclosed a bug submitted by
b'jon_bottarini'
b'Restricted user can bypass permissions restriction to create NR Alert policies'
04 Sep 2020
b'New Relic'
disclosed a bug submitted by
b'jon_bottarini'
b'[NR Alerts/Synthetics?] User with no Synthetics permissions can view synthetic monitor details through /internal_api/ endpoint'
04 Sep 2020
b'New Relic'
disclosed a bug submitted by
b'jon_bottarini'
b'[NR Alerts] Internal API exposes Synthetics monitor details to a restricted user without view monitor permissions'
04 Sep 2020
b'New Relic'
disclosed a bug submitted by
b'jon_bottarini'
b'Permissions leaks the full name of other NR accounts - Regression of #267636'
04 Sep 2020
b'New Relic'
disclosed a bug submitted by
b'jon_bottarini'
b'[NR Infrastructure] Restricted user can update integration provider account name via integrations API'
04 Sep 2020
b'New Relic'
disclosed a bug submitted by
b'jon_bottarini'
b'[NR Insights] Data app permissions setting does not fully prevent other users from modifying/changing changing data related to your data app '
04 Sep 2020
b'New Relic'
disclosed a bug submitted by
b'jon_bottarini'
b'IDOR via internal_api "users" endpoint '
04 Sep 2020
b'New Relic'
disclosed a bug submitted by
b'jon_bottarini'
b'User is able to access and create private synthetics locations without upgrading (regression of #276157) '
04 Sep 2020
b'New Relic'
disclosed a bug submitted by
b'jon_bottarini'
b'[NR Synthetics] Restricted User can add/modify alert conditions on monitors without any synthetics privileges '
04 Sep 2020
b'Brave Software'
disclosed a bug submitted by
b'drwx'
b'Cross-origin resource sharing misconfiguration (CORS)'
04 Sep 2020
b'GitHub Security Lab'
disclosed a bug submitted by
b'someonenobbd'
b'CodeQL query to detect XSLT injections'
03 Sep 2020
b'GitHub Security Lab'
disclosed a bug submitted by
b'someonenobbd'
b'Query to find TLS configurations supporting hardcoded insecure versions of the protocol and cipher suites'
03 Sep 2020
b'GitHub Security Lab'
disclosed a bug submitted by
b'someonenobbd'
b'[CATENACYBER]: [CPP] CWE-476 Null Pointer Dereference : Another query to either missing or redundant NULL check'
03 Sep 2020
1
...
298
299
300
301
302
...
770
BY DENIS WERNER - @NOBBD -
IMPRESSUM