Stored XSS firing at transaction map (applicationName field)
π https://hackerone.com/reports/549084
πΉ Severity: High | π° 2,500 USD
πΉ Reported To: New Relic
πΉ Reported By: #skavans
πΉ State: π’ Resolved
πΉ Disclosed: August 13, 2020, 10:58am (UTC)
π https://hackerone.com/reports/549084
πΉ Severity: High | π° 2,500 USD
πΉ Reported To: New Relic
πΉ Reported By: #skavans
πΉ State: π’ Resolved
πΉ Disclosed: August 13, 2020, 10:58am (UTC)
Urgent! Stored XSS at plugin's violations leading to account takeover
π https://hackerone.com/reports/602527
πΉ Severity: High | π° 2,500 USD
πΉ Reported To: New Relic
πΉ Reported By: #skavans
πΉ State: π’ Resolved
πΉ Disclosed: August 13, 2020, 10:59am (UTC)
π https://hackerone.com/reports/602527
πΉ Severity: High | π° 2,500 USD
πΉ Reported To: New Relic
πΉ Reported By: #skavans
πΉ State: π’ Resolved
πΉ Disclosed: August 13, 2020, 10:59am (UTC)
Site-wide clickjacking at IE11
π https://hackerone.com/reports/614947
πΉ Severity: Low | π° 500 USD
πΉ Reported To: New Relic
πΉ Reported By: #skavans
πΉ State: π’ Resolved
πΉ Disclosed: August 13, 2020, 10:59am (UTC)
π https://hackerone.com/reports/614947
πΉ Severity: Low | π° 500 USD
πΉ Reported To: New Relic
πΉ Reported By: #skavans
πΉ State: π’ Resolved
πΉ Disclosed: August 13, 2020, 10:59am (UTC)
CSRF at adding new role (user-management.service.newrelic.com)
π https://hackerone.com/reports/504782
πΉ Severity: Medium | π° 1,500 USD
πΉ Reported To: New Relic
πΉ Reported By: #skavans
πΉ State: π’ Resolved
πΉ Disclosed: August 13, 2020, 11:04am (UTC)
π https://hackerone.com/reports/504782
πΉ Severity: Medium | π° 1,500 USD
πΉ Reported To: New Relic
πΉ Reported By: #skavans
πΉ State: π’ Resolved
πΉ Disclosed: August 13, 2020, 11:04am (UTC)
Stored XSS at Mobile (Versions tab)
π https://hackerone.com/reports/706533
πΉ Severity: High | π° 2,500 USD
πΉ Reported To: New Relic
πΉ Reported By: #skavans
πΉ State: π’ Resolved
πΉ Disclosed: August 13, 2020, 11:04am (UTC)
π https://hackerone.com/reports/706533
πΉ Severity: High | π° 2,500 USD
πΉ Reported To: New Relic
πΉ Reported By: #skavans
πΉ State: π’ Resolved
πΉ Disclosed: August 13, 2020, 11:04am (UTC)
Cross-account stored XSS at notes (through "swf" note parameter)
π https://hackerone.com/reports/710535
πΉ Severity: High | π° 2,000 USD
πΉ Reported To: New Relic
πΉ Reported By: #skavans
πΉ State: π’ Resolved
πΉ Disclosed: August 13, 2020, 11:05am (UTC)
π https://hackerone.com/reports/710535
πΉ Severity: High | π° 2,000 USD
πΉ Reported To: New Relic
πΉ Reported By: #skavans
πΉ State: π’ Resolved
πΉ Disclosed: August 13, 2020, 11:05am (UTC)
Unsafe charts embedding implementation leads to cross-account stored XSS and SSRF
π https://hackerone.com/reports/708589
πΉ Severity: High | π° 2,500 USD
πΉ Reported To: New Relic
πΉ Reported By: #skavans
πΉ State: π’ Resolved
πΉ Disclosed: August 13, 2020, 11:06am (UTC)
π https://hackerone.com/reports/708589
πΉ Severity: High | π° 2,500 USD
πΉ Reported To: New Relic
πΉ Reported By: #skavans
πΉ State: π’ Resolved
πΉ Disclosed: August 13, 2020, 11:06am (UTC)
Passive stored XSS at Synthetics job result page (View resource)
π https://hackerone.com/reports/690536
πΉ Severity: Medium | π° 1,075 USD
πΉ Reported To: New Relic
πΉ Reported By: #skavans
πΉ State: π’ Resolved
πΉ Disclosed: August 13, 2020, 11:10am (UTC)
π https://hackerone.com/reports/690536
πΉ Severity: Medium | π° 1,075 USD
πΉ Reported To: New Relic
πΉ Reported By: #skavans
πΉ State: π’ Resolved
πΉ Disclosed: August 13, 2020, 11:10am (UTC)
Stored XSS in notes (charts) because of insecure chart data JSON generation
π https://hackerone.com/reports/507132
πΉ Severity: High | π° 4,250 USD
πΉ Reported To: New Relic
πΉ Reported By: #skavans
πΉ State: π’ Resolved
πΉ Disclosed: August 13, 2020, 1:27pm (UTC)
π https://hackerone.com/reports/507132
πΉ Severity: High | π° 4,250 USD
πΉ Reported To: New Relic
πΉ Reported By: #skavans
πΉ State: π’ Resolved
πΉ Disclosed: August 13, 2020, 1:27pm (UTC)
NR-wide cross account access through misconfigured CORS-policy of multiple endpoints
π https://hackerone.com/reports/751699
πΉ Severity: High | π° 3,125 USD
πΉ Reported To: New Relic
πΉ Reported By: #skavans
πΉ State: π’ Resolved
πΉ Disclosed: August 13, 2020, 1:30pm (UTC)
π https://hackerone.com/reports/751699
πΉ Severity: High | π° 3,125 USD
πΉ Reported To: New Relic
πΉ Reported By: #skavans
πΉ State: π’ Resolved
πΉ Disclosed: August 13, 2020, 1:30pm (UTC)
Disclosure of locally served nerdpacks due to nr-local.net CORS policy misconfiguration
π https://hackerone.com/reports/746786
πΉ Severity: Low | π° 625 USD
πΉ Reported To: New Relic
πΉ Reported By: #skavans
πΉ State: π’ Resolved
πΉ Disclosed: August 13, 2020, 1:31pm (UTC)
π https://hackerone.com/reports/746786
πΉ Severity: Low | π° 625 USD
πΉ Reported To: New Relic
πΉ Reported By: #skavans
πΉ State: π’ Resolved
πΉ Disclosed: August 13, 2020, 1:31pm (UTC)
Stored admin-to-owner XSS at infrastructure alerts runbook URL leading to account takeover by malicious admin
π https://hackerone.com/reports/605845
πΉ Severity: Medium | π° 1,337 USD
πΉ Reported To: New Relic
πΉ Reported By: #skavans
πΉ State: π’ Resolved
πΉ Disclosed: August 13, 2020, 1:32pm (UTC)
π https://hackerone.com/reports/605845
πΉ Severity: Medium | π° 1,337 USD
πΉ Reported To: New Relic
πΉ Reported By: #skavans
πΉ State: π’ Resolved
πΉ Disclosed: August 13, 2020, 1:32pm (UTC)
Stored XSS on recruit.innogames.de
π https://hackerone.com/reports/917250
πΉ Severity: Medium | π° 500 USD
πΉ Reported To: InnoGames
πΉ Reported By: #aeswagyewgyes
πΉ State: π’ Resolved
πΉ Disclosed: August 13, 2020, 1:42pm (UTC)
π https://hackerone.com/reports/917250
πΉ Severity: Medium | π° 500 USD
πΉ Reported To: InnoGames
πΉ Reported By: #aeswagyewgyes
πΉ State: π’ Resolved
πΉ Disclosed: August 13, 2020, 1:42pm (UTC)
Ability to run monitors' jobs of other accounts and to read these jobs content (including the secure credentials values)
π https://hackerone.com/reports/787886
πΉ Severity: High | π° 2,500 USD
πΉ Reported To: New Relic
πΉ Reported By: #skavans
πΉ State: π’ Resolved
πΉ Disclosed: August 13, 2020, 1:45pm (UTC)
π https://hackerone.com/reports/787886
πΉ Severity: High | π° 2,500 USD
πΉ Reported To: New Relic
πΉ Reported By: #skavans
πΉ State: π’ Resolved
πΉ Disclosed: August 13, 2020, 1:45pm (UTC)
Cross-account stored XSS at embedded charts
π https://hackerone.com/reports/709883
πΉ Severity: High | π° 3,625 USD
πΉ Reported To: New Relic
πΉ Reported By: #skavans
πΉ State: π’ Resolved
πΉ Disclosed: August 13, 2020, 1:47pm (UTC)
π https://hackerone.com/reports/709883
πΉ Severity: High | π° 3,625 USD
πΉ Reported To: New Relic
πΉ Reported By: #skavans
πΉ State: π’ Resolved
πΉ Disclosed: August 13, 2020, 1:47pm (UTC)
Stored XSS at APM transaction map (transactionName field)
π https://hackerone.com/reports/667770
πΉ Severity: Medium | π° 2,500 USD
πΉ Reported To: New Relic
πΉ Reported By: #skavans
πΉ State: π’ Resolved
πΉ Disclosed: August 13, 2020, 1:48pm (UTC)
π https://hackerone.com/reports/667770
πΉ Severity: Medium | π° 2,500 USD
πΉ Reported To: New Relic
πΉ Reported By: #skavans
πΉ State: π’ Resolved
πΉ Disclosed: August 13, 2020, 1:48pm (UTC)
One Click Remote Code Injection - *.blog.newrelic.com
π https://hackerone.com/reports/941421
πΉ Severity: Medium | π° 506 USD
πΉ Reported To: New Relic
πΉ Reported By: #arsene_lupin
πΉ State: π’ Resolved
πΉ Disclosed: August 13, 2020, 3:14pm (UTC)
π https://hackerone.com/reports/941421
πΉ Severity: Medium | π° 506 USD
πΉ Reported To: New Relic
πΉ Reported By: #arsene_lupin
πΉ State: π’ Resolved
πΉ Disclosed: August 13, 2020, 3:14pm (UTC)
Secure credentials values disclosure to regular users due to access control issue in monitor creating function
π https://hackerone.com/reports/788499
πΉ Severity: Medium | π° 500 USD
πΉ Reported To: New Relic
πΉ Reported By: #skavans
πΉ State: π’ Resolved
πΉ Disclosed: August 13, 2020, 3:19pm (UTC)
π https://hackerone.com/reports/788499
πΉ Severity: Medium | π° 500 USD
πΉ Reported To: New Relic
πΉ Reported By: #skavans
πΉ State: π’ Resolved
πΉ Disclosed: August 13, 2020, 3:19pm (UTC)
Attacker can create new account inside any partnership with no approve from the Partnership owner
π https://hackerone.com/reports/786109
πΉ Severity: Medium | π° 695 USD
πΉ Reported To: New Relic
πΉ Reported By: #skavans
πΉ State: π’ Resolved
πΉ Disclosed: August 13, 2020, 3:26pm (UTC)
π https://hackerone.com/reports/786109
πΉ Severity: Medium | π° 695 USD
πΉ Reported To: New Relic
πΉ Reported By: #skavans
πΉ State: π’ Resolved
πΉ Disclosed: August 13, 2020, 3:26pm (UTC)
Stored XSS at Synthetics private locations (planted through location label or description)
π https://hackerone.com/reports/680240
πΉ Severity: High | π° 2,500 USD
πΉ Reported To: New Relic
πΉ Reported By: #skavans
πΉ State: π’ Resolved
πΉ Disclosed: August 13, 2020, 3:29pm (UTC)
π https://hackerone.com/reports/680240
πΉ Severity: High | π° 2,500 USD
πΉ Reported To: New Relic
πΉ Reported By: #skavans
πΉ State: π’ Resolved
πΉ Disclosed: August 13, 2020, 3:29pm (UTC)
Restricted user can manage the NerdGraph entities' tags
π https://hackerone.com/reports/757957
πΉ Severity: Medium | π° 750 USD
πΉ Reported To: New Relic
πΉ Reported By: #skavans
πΉ State: π’ Resolved
πΉ Disclosed: August 13, 2020, 3:30pm (UTC)
π https://hackerone.com/reports/757957
πΉ Severity: Medium | π° 750 USD
πΉ Reported To: New Relic
πΉ Reported By: #skavans
πΉ State: π’ Resolved
πΉ Disclosed: August 13, 2020, 3:30pm (UTC)