Ability to buy PRO subscriptions by arbitrary reduced prices
π https://hackerone.com/reports/783688
πΉ Severity: Low | π° 203 USD
πΉ Reported To: New Relic
πΉ Reported By: #skavans
πΉ State: π’ Resolved
πΉ Disclosed: August 13, 2020, 3:37pm (UTC)
π https://hackerone.com/reports/783688
πΉ Severity: Low | π° 203 USD
πΉ Reported To: New Relic
πΉ Reported By: #skavans
πΉ State: π’ Resolved
πΉ Disclosed: August 13, 2020, 3:37pm (UTC)
Account owner/admin can't actually delete personal users' API keys
π https://hackerone.com/reports/782703
πΉ Severity: Medium | π° 500 USD
πΉ Reported To: New Relic
πΉ Reported By: #skavans
πΉ State: π’ Resolved
πΉ Disclosed: August 13, 2020, 3:38pm (UTC)
π https://hackerone.com/reports/782703
πΉ Severity: Medium | π° 500 USD
πΉ Reported To: New Relic
πΉ Reported By: #skavans
πΉ State: π’ Resolved
πΉ Disclosed: August 13, 2020, 3:38pm (UTC)
Restricted user can update Apdex target for applications by leveraging the GraphQL mutation
π https://hackerone.com/reports/776449
πΉ Severity: Medium | π° 626 USD
πΉ Reported To: New Relic
πΉ Reported By: #skavans
πΉ State: π’ Resolved
πΉ Disclosed: August 13, 2020, 3:39pm (UTC)
π https://hackerone.com/reports/776449
πΉ Severity: Medium | π° 626 USD
πΉ Reported To: New Relic
πΉ Reported By: #skavans
πΉ State: π’ Resolved
πΉ Disclosed: August 13, 2020, 3:39pm (UTC)
Restricted user can remove NerdStorage documents/collections scoped to ACCOUNT or ENTITY
π https://hackerone.com/reports/766145
πΉ Severity: Medium | π° 600 USD
πΉ Reported To: New Relic
πΉ Reported By: #skavans
πΉ State: π’ Resolved
πΉ Disclosed: August 13, 2020, 3:40pm (UTC)
π https://hackerone.com/reports/766145
πΉ Severity: Medium | π° 600 USD
πΉ Reported To: New Relic
πΉ Reported By: #skavans
πΉ State: π’ Resolved
πΉ Disclosed: August 13, 2020, 3:40pm (UTC)
Restricted user can add and delete tags of APM key transactions
π https://hackerone.com/reports/638685
πΉ Severity: Medium | π° 750 USD
πΉ Reported To: New Relic
πΉ Reported By: #jon_bottarini
πΉ State: π’ Resolved
πΉ Disclosed: August 13, 2020, 4:39pm (UTC)
π https://hackerone.com/reports/638685
πΉ Severity: Medium | π° 750 USD
πΉ Reported To: New Relic
πΉ Reported By: #jon_bottarini
πΉ State: π’ Resolved
πΉ Disclosed: August 13, 2020, 4:39pm (UTC)
IDOR allows accounts to view full name of other accounts based on email through share notes feature
π https://hackerone.com/reports/476958
πΉ Severity: Medium | π° 750 USD
πΉ Reported To: New Relic
πΉ Reported By: #jon_bottarini
πΉ State: π’ Resolved
πΉ Disclosed: August 13, 2020, 4:40pm (UTC)
π https://hackerone.com/reports/476958
πΉ Severity: Medium | π° 750 USD
πΉ Reported To: New Relic
πΉ Reported By: #jon_bottarini
πΉ State: π’ Resolved
πΉ Disclosed: August 13, 2020, 4:40pm (UTC)
Bypass of #447975 - view mobile application token though "Application Information" sidebar on Installation page
π https://hackerone.com/reports/479139
πΉ Severity: Low | π° 500 USD
πΉ Reported To: New Relic
πΉ Reported By: #jon_bottarini
πΉ State: π’ Resolved
πΉ Disclosed: August 13, 2020, 4:40pm (UTC)
π https://hackerone.com/reports/479139
πΉ Severity: Low | π° 500 USD
πΉ Reported To: New Relic
πΉ Reported By: #jon_bottarini
πΉ State: π’ Resolved
πΉ Disclosed: August 13, 2020, 4:40pm (UTC)
https://βββββ is vulnerable to CVE-2020-3452 Read-Only Path Traversal Vulnerability
π https://hackerone.com/reports/940384
πΉ Severity: High
πΉ Reported To: U.S. Dept Of Defense
πΉ Reported By: #they
πΉ State: π’ Resolved
πΉ Disclosed: August 13, 2020, 6:08pm (UTC)
π https://hackerone.com/reports/940384
πΉ Severity: High
πΉ Reported To: U.S. Dept Of Defense
πΉ Reported By: #they
πΉ State: π’ Resolved
πΉ Disclosed: August 13, 2020, 6:08pm (UTC)
Path traversal on https://βββ allows arbitrary file read (CVE-2020-3452)
π https://hackerone.com/reports/936399
πΉ Severity: High
πΉ Reported To: U.S. Dept Of Defense
πΉ Reported By: #un4gi
πΉ State: π’ Resolved
πΉ Disclosed: August 13, 2020, 6:09pm (UTC)
π https://hackerone.com/reports/936399
πΉ Severity: High
πΉ Reported To: U.S. Dept Of Defense
πΉ Reported By: #un4gi
πΉ State: π’ Resolved
πΉ Disclosed: August 13, 2020, 6:09pm (UTC)
Remote Code Execution via CVE-2019-18935
π https://hackerone.com/reports/913695
πΉ Severity: Critical
πΉ Reported To: U.S. Dept Of Defense
πΉ Reported By: #un4gi
πΉ State: π’ Resolved
πΉ Disclosed: August 13, 2020, 6:11pm (UTC)
π https://hackerone.com/reports/913695
πΉ Severity: Critical
πΉ Reported To: U.S. Dept Of Defense
πΉ Reported By: #un4gi
πΉ State: π’ Resolved
πΉ Disclosed: August 13, 2020, 6:11pm (UTC)
Stored XSS Via NRQL chartbuilder JSON view
π https://hackerone.com/reports/634692
πΉ Severity: High | π° 2,500 USD
πΉ Reported To: New Relic
πΉ Reported By: #jon_bottarini
πΉ State: π’ Resolved
πΉ Disclosed: August 13, 2020, 6:56pm (UTC)
π https://hackerone.com/reports/634692
πΉ Severity: High | π° 2,500 USD
πΉ Reported To: New Relic
πΉ Reported By: #jon_bottarini
πΉ State: π’ Resolved
πΉ Disclosed: August 13, 2020, 6:56pm (UTC)
Missing memory corruption protection on Windows release built
π https://hackerone.com/reports/380102
πΉ Severity: Medium | π° 50 USD
πΉ Reported To: Nextcloud
πΉ Reported By: #secconsult
πΉ State: π’ Resolved
πΉ Disclosed: August 14, 2020, 6:21am (UTC)
π https://hackerone.com/reports/380102
πΉ Severity: Medium | π° 50 USD
πΉ Reported To: Nextcloud
πΉ Reported By: #secconsult
πΉ State: π’ Resolved
πΉ Disclosed: August 14, 2020, 6:21am (UTC)
Default Creds Spring Boot Admin
π https://hackerone.com/reports/954818
πΉ Severity: High
πΉ Reported To: 8x8
πΉ Reported By: #testingforbugs
πΉ State: π’ Resolved
πΉ Disclosed: August 14, 2020, 5:01pm (UTC)
π https://hackerone.com/reports/954818
πΉ Severity: High
πΉ Reported To: 8x8
πΉ Reported By: #testingforbugs
πΉ State: π’ Resolved
πΉ Disclosed: August 14, 2020, 5:01pm (UTC)
Arbitrary code execution via untrusted schemas in ajv
π https://hackerone.com/reports/897974
πΉ Severity: Low
πΉ Reported To: Node.js third-party modules
πΉ Reported By: #chalker
πΉ State: π’ Resolved
πΉ Disclosed: August 14, 2020, 5:21pm (UTC)
π https://hackerone.com/reports/897974
πΉ Severity: Low
πΉ Reported To: Node.js third-party modules
πΉ Reported By: #chalker
πΉ State: π’ Resolved
πΉ Disclosed: August 14, 2020, 5:21pm (UTC)
Denial-of- service By Cache Poisoning The Cross-Origin Resource Sharing Misconfiguration Allow Origin Header
π https://hackerone.com/reports/921704
πΉ Severity: Medium | π° 200 USD
πΉ Reported To: Automattic
πΉ Reported By: #hannanhaseeb
πΉ State: π’ Resolved
πΉ Disclosed: August 14, 2020, 7:53pm (UTC)
π https://hackerone.com/reports/921704
πΉ Severity: Medium | π° 200 USD
πΉ Reported To: Automattic
πΉ Reported By: #hannanhaseeb
πΉ State: π’ Resolved
πΉ Disclosed: August 14, 2020, 7:53pm (UTC)
HTML injection in email content
π https://hackerone.com/reports/786976
πΉ Severity: Medium
πΉ Reported To: Bitwala
πΉ Reported By: #lamscun
πΉ State: π’ Resolved
πΉ Disclosed: August 14, 2020, 8:01pm (UTC)
π https://hackerone.com/reports/786976
πΉ Severity: Medium
πΉ Reported To: Bitwala
πΉ Reported By: #lamscun
πΉ State: π’ Resolved
πΉ Disclosed: August 14, 2020, 8:01pm (UTC)
SVG file upload leads to XML injection
π https://hackerone.com/reports/845832
πΉ Severity: Low
πΉ Reported To: Topcoder
πΉ Reported By: #tushr
πΉ State: π’ Resolved
πΉ Disclosed: August 14, 2020, 9:43pm (UTC)
π https://hackerone.com/reports/845832
πΉ Severity: Low
πΉ Reported To: Topcoder
πΉ Reported By: #tushr
πΉ State: π’ Resolved
πΉ Disclosed: August 14, 2020, 9:43pm (UTC)
Solution for XSS challenge calc.buggywebsite.com
π https://hackerone.com/reports/954249
πΉ Severity: High
πΉ Reported To: BugPoC
πΉ Reported By: #d1r3wolf
πΉ State: π’ Resolved
πΉ Disclosed: August 15, 2020, 6:32pm (UTC)
π https://hackerone.com/reports/954249
πΉ Severity: High
πΉ Reported To: BugPoC
πΉ Reported By: #d1r3wolf
πΉ State: π’ Resolved
πΉ Disclosed: August 15, 2020, 6:32pm (UTC)
Unrestricted File Upload in Chat Window
π https://hackerone.com/reports/925513
πΉ Severity: Medium
πΉ Reported To: OWOX, Inc.
πΉ Reported By: #ant_pyne
πΉ State: π’ Resolved
πΉ Disclosed: August 16, 2020, 6:35am (UTC)
π https://hackerone.com/reports/925513
πΉ Severity: Medium
πΉ Reported To: OWOX, Inc.
πΉ Reported By: #ant_pyne
πΉ State: π’ Resolved
πΉ Disclosed: August 16, 2020, 6:35am (UTC)
XSS in desktop client via invalid server address on login form
π https://hackerone.com/reports/685552
πΉ Severity: Medium | π° 100 USD
πΉ Reported To: Nextcloud
πΉ Reported By: #jplopezy
πΉ State: π’ Resolved
πΉ Disclosed: August 17, 2020, 12:50am (UTC)
π https://hackerone.com/reports/685552
πΉ Severity: Medium | π° 100 USD
πΉ Reported To: Nextcloud
πΉ Reported By: #jplopezy
πΉ State: π’ Resolved
πΉ Disclosed: August 17, 2020, 12:50am (UTC)
Authenticity token doesnt expire after single use leading to CSRF
π https://hackerone.com/reports/919112
πΉ Severity: No Rating
πΉ Reported To: Omise
πΉ Reported By: #justlife_4x4
πΉ State: βͺοΈ Informative
πΉ Disclosed: August 17, 2020, 1:36am (UTC)
π https://hackerone.com/reports/919112
πΉ Severity: No Rating
πΉ Reported To: Omise
πΉ Reported By: #justlife_4x4
πΉ State: βͺοΈ Informative
πΉ Disclosed: August 17, 2020, 1:36am (UTC)