Content Spoofing
https://hackerone.com/reports/841630
🔹 Severity: No Rating
🔹 Reported To: Acronis
🔹 Reported By: #full109tun
🔹 State: 🟢 Resolved
🔹 Disclosed: August 12, 2020, 3:15pm (UTC)
Java: CWE-798 - Hardcoded AWS credentials
https://hackerone.com/reports/956967
🔹 Severity: Low | 💰 1,000 USD
🔹 Reported To: GitHub Security Lab
🔹 Reported By: #luchua
🔹 State: 🟢 Resolved
🔹 Disclosed: August 12, 2020, 4:54pm (UTC)
Pre-auth Denial-of-Service in Dovecot RPA implementation
https://hackerone.com/reports/866605
🔹 Severity: Medium | 💰 550 USD
🔹 Reported To: Open-Xchange
🔹 Reported By: #orange
🔹 State: 🟢 Resolved
🔹 Disclosed: August 13, 2020, 6:43am (UTC)
Pre-auth buffer over-read in Dovecot NTLM implementation
https://hackerone.com/reports/866597
🔹 Severity: Medium | 💰 550 USD
🔹 Reported To: Open-Xchange
🔹 Reported By: #orange
🔹 State: 🟢 Resolved
🔹 Disclosed: August 13, 2020, 6:43am (UTC)
SSRF in imgur video GIF conversion
https://hackerone.com/reports/247680
🔹 Severity: High | 💰 1,000 USD
🔹 Reported To: Imgur
🔹 Reported By: #justchillin
🔹 State: 🟢 Resolved
🔹 Disclosed: August 13, 2020, 10:15am (UTC)
Stored XSS at APM applications listing
https://hackerone.com/reports/530511
🔹 Severity: High | 💰 2,500 USD
🔹 Reported To: New Relic
🔹 Reported By: #skavans
🔹 State: 🟢 Resolved
🔹 Disclosed: August 13, 2020, 10:45am (UTC)
Stored XSS firing if the error occurs when trying to delete the APM app
https://hackerone.com/reports/530871
🔹 Severity: Medium | 💰 750 USD
🔹 Reported To: New Relic
🔹 Reported By: #skavans
🔹 State: 🟢 Resolved
🔹 Disclosed: August 13, 2020, 10:46am (UTC)
User can run monitors at private locations, which he has no access to
https://hackerone.com/reports/681001
🔹 Severity: High | 💰 3,000 USD
🔹 Reported To: New Relic
🔹 Reported By: #skavans
🔹 State: 🟢 Resolved
🔹 Disclosed: August 13, 2020, 10:52am (UTC)
Stored XSS at APM apps labels autocomplete dropdown (apps listing)
https://hackerone.com/reports/534711
🔹 Severity: High | 💰 2,500 USD
🔹 Reported To: New Relic
🔹 Reported By: #skavans
🔹 State: 🟢 Resolved
🔹 Disclosed: August 13, 2020, 10:53am (UTC)
CSRF at acknowledging an incident
https://hackerone.com/reports/512102
🔹 Severity: Medium | 💰 750 USD
🔹 Reported To: New Relic
🔹 Reported By: #skavans
🔹 State: 🟢 Resolved
🔹 Disclosed: August 13, 2020, 10:53am (UTC)
CSTI fix (#587829) bypass leading to stored XSS at plugins again
https://hackerone.com/reports/629113
🔹 Severity: High | 💰 1,000 USD
🔹 Reported To: New Relic
🔹 Reported By: #skavans
🔹 State: 🟢 Resolved
🔹 Disclosed: August 13, 2020, 10:57am (UTC)
CSTI at Plugin page leading to active stored XSS (Publisher name)
https://hackerone.com/reports/587829
🔹 Severity: High | 💰 2,500 USD
🔹 Reported To: New Relic
🔹 Reported By: #skavans
🔹 State: 🟢 Resolved
🔹 Disclosed: August 13, 2020, 10:57am (UTC)
Stored XSS firing at the "Add chart to note" popup
https://hackerone.com/reports/566400
🔹 Severity: High | 💰 2,500 USD
🔹 Reported To: New Relic
🔹 Reported By: #skavans
🔹 State: 🟢 Resolved
🔹 Disclosed: August 13, 2020, 10:58am (UTC)
Stored XSS at APM key transactions list
https://hackerone.com/reports/567468
🔹 Severity: High | 💰 2,500 USD
🔹 Reported To: New Relic
🔹 Reported By: #skavans
🔹 State: 🟢 Resolved
🔹 Disclosed: August 13, 2020, 10:58am (UTC)
Stored XSS firing at transaction map (applicationName field)
https://hackerone.com/reports/549084
🔹 Severity: High | 💰 2,500 USD
🔹 Reported To: New Relic
🔹 Reported By: #skavans
🔹 State: 🟢 Resolved
🔹 Disclosed: August 13, 2020, 10:58am (UTC)
Urgent! Stored XSS at plugin's violations leading to account takeover
https://hackerone.com/reports/602527
🔹 Severity: High | 💰 2,500 USD
🔹 Reported To: New Relic
🔹 Reported By: #skavans
🔹 State: 🟢 Resolved
🔹 Disclosed: August 13, 2020, 10:59am (UTC)
Site-wide clickjacking at IE11
https://hackerone.com/reports/614947
🔹 Severity: Low | 💰 500 USD
🔹 Reported To: New Relic
🔹 Reported By: #skavans
🔹 State: 🟢 Resolved
🔹 Disclosed: August 13, 2020, 10:59am (UTC)
CSRF at adding new role (user-management.service.newrelic.com)
https://hackerone.com/reports/504782
🔹 Severity: Medium | 💰 1,500 USD
🔹 Reported To: New Relic
🔹 Reported By: #skavans
🔹 State: 🟢 Resolved
🔹 Disclosed: August 13, 2020, 11:04am (UTC)
Stored XSS at Mobile (Versions tab)
https://hackerone.com/reports/706533
🔹 Severity: High | 💰 2,500 USD
🔹 Reported To: New Relic
🔹 Reported By: #skavans
🔹 State: 🟢 Resolved
🔹 Disclosed: August 13, 2020, 11:04am (UTC)
Cross-account stored XSS at notes (through "swf" note parameter)
https://hackerone.com/reports/710535
🔹 Severity: High | 💰 2,000 USD
🔹 Reported To: New Relic
🔹 Reported By: #skavans
🔹 State: 🟢 Resolved
🔹 Disclosed: August 13, 2020, 11:05am (UTC)
Unsafe charts embedding implementation leads to cross-account stored XSS and SSRF
https://hackerone.com/reports/708589
🔹 Severity: High | 💰 2,500 USD
🔹 Reported To: New Relic
🔹 Reported By: #skavans
🔹 State: 🟢 Resolved
🔹 Disclosed: August 13, 2020, 11:06am (UTC)