the unofficial HackerOne disclosure timeline.

X
b'New Relic' disclosed a bug submitted by b'skavans' 
b'Stored XSS at Synthetics private locations (planted through location label or description)'
13 Aug 2020 timeline
b'New Relic' disclosed a bug submitted by b'skavans' 
b'Attacker can create new account inside any partnership with no approve from the Partnership owner'
13 Aug 2020 timeline
b'New Relic' disclosed a bug submitted by b'skavans' 
b'Secure credentials values disclosure to regular users due to access control issue in monitor creating function'
13 Aug 2020 timeline
b'New Relic' disclosed a bug submitted by b'arsene_lupin' 
b'One Click Remote Code Injection - *.blog.newrelic.com'
13 Aug 2020 timeline
b'New Relic' disclosed a bug submitted by b'skavans' 
b'Stored XSS at APM transaction map (transactionName field)'
13 Aug 2020 timeline
b'New Relic' disclosed a bug submitted by b'skavans' 
b'Cross-account stored XSS at embedded charts'
13 Aug 2020 timeline
b'New Relic' disclosed a bug submitted by b'skavans' 
b"Ability to run monitors' jobs of other accounts and to read these jobs content (including the secure credentials values)"
13 Aug 2020 timeline
b'InnoGames' disclosed a bug submitted by b'aeswagyewgyes' 
b'Stored XSS on recruit.innogames.de'
13 Aug 2020 timeline
b'New Relic' disclosed a bug submitted by b'skavans' 
b'Stored admin-to-owner XSS at infrastructure alerts runbook URL leading to account takeover by malicious admin'
13 Aug 2020 timeline
b'New Relic' disclosed a bug submitted by b'skavans' 
b'Disclosure of locally served nerdpacks due to nr-local.net CORS policy misconfiguration'
13 Aug 2020 timeline
b'New Relic' disclosed a bug submitted by b'skavans' 
b'NR-wide cross account access through misconfigured CORS-policy of multiple endpoints'
13 Aug 2020 timeline
b'New Relic' disclosed a bug submitted by b'skavans' 
b'Stored XSS in notes (charts) because of insecure chart data JSON generation'
13 Aug 2020 timeline
b'New Relic' disclosed a bug submitted by b'skavans' 
b'Passive stored XSS at Synthetics job result page (View resource)'
13 Aug 2020 timeline
b'New Relic' disclosed a bug submitted by b'skavans' 
b'Unsafe charts embedding implementation leads to cross-account stored XSS and SSRF'
13 Aug 2020 timeline
b'New Relic' disclosed a bug submitted by b'skavans' 
b'Cross-account stored XSS at notes (through "swf" note parameter)'
13 Aug 2020 timeline
b'New Relic' disclosed a bug submitted by b'skavans' 
b'Stored XSS at Mobile (Versions tab)'
13 Aug 2020 timeline
b'New Relic' disclosed a bug submitted by b'skavans' 
b'CSRF at adding new role (user-management.service.newrelic.com)'
13 Aug 2020 timeline
b'New Relic' disclosed a bug submitted by b'skavans' 
b'Site-wide clickjacking at IE11'
13 Aug 2020 timeline
b'New Relic' disclosed a bug submitted by b'skavans' 
b"Urgent! Stored XSS at plugin's violations leading to account takeover"
13 Aug 2020 timeline
b'New Relic' disclosed a bug submitted by b'skavans' 
b'Stored XSS firing at transaction map (applicationName field)'
13 Aug 2020 timeline
1 ... 302 303 304 305 306 ... 765
Follow @disclosedh1 on twitter to receive updates when a new bug is disclosed!
Twitter
BY DENIS WERNER - @NOBBD - IMPRESSUM