Skip to content

Latest commit

 

History

History
211 lines (210 loc) · 28.4 KB

TOPNEWRELIC.md

File metadata and controls

211 lines (210 loc) · 28.4 KB
Raw

Top reports from New Relic program at HackerOne:

  1. Password theft login.newrelic.com via Request Smuggling to New Relic - 486 upvotes, $3000
  2. Unsafe charts embedding implementation leads to cross-account stored XSS and SSRF to New Relic - 224 upvotes, $0
  3. Account Takeover via Email ID Change and Forgot Password Functionality to New Relic - 211 upvotes, $2048
  4. Cross-account stored XSS at embedded charts to New Relic - 156 upvotes, $0
  5. Stored XSS in notes (charts) because of insecure chart data JSON generation to New Relic - 145 upvotes, $0
  6. Reflected XSS in VPN Appliance to New Relic - 102 upvotes, $0
  7. CSTI at Plugin page leading to active stored XSS (Publisher name) to New Relic - 91 upvotes, $0
  8. Stored XSS via malicious key value of Synthetics monitor tag when visiting an Insights dashboard with filtering enabled to New Relic - 85 upvotes, $2123
  9. Urgent! Stored XSS at plugin's violations leading to account takeover to New Relic - 79 upvotes, $0
  10. IDOR via internal_api "users" endpoint to New Relic - 76 upvotes, $1500
  11. Host Header Injection to New Relic - 70 upvotes, $0
  12. Insecure Infrastructure Integrations YML Loading leads to Windows Privilege Escalation to New Relic - 63 upvotes, $2500
  13. Internal API endpoint discloses full account name of email address associated with unconfirmed user to New Relic - 61 upvotes, $1500
  14. [synthetics.newrelic.com] SMTP header injection leads to (mass) arbitrary email sending to New Relic - 59 upvotes, $500
  15. (Prerelease UI) Stored XSS via role name in JSON chart to New Relic - 48 upvotes, $2500
  16. Reflected Cross site Scripting (XSS) on https://one.newrelic.com to New Relic - 41 upvotes, $0
  17. User can run monitors at private locations, which he has no access to to New Relic - 40 upvotes, $0
  18. Stored XSS in Brower name field reflected in two pages to New Relic - 39 upvotes, $3000
  19. Untrusted deserialization issue when loading newrelic.yml file in Java agent leads to code execution on host to New Relic - 39 upvotes, $768
  20. SSRF in alerts.newrelic.com exposes entire internal network to New Relic - 39 upvotes, $0
  21. Account takeover by using abandoned email id of victim which has already been changed to new by victim himself on one.newrelic.com to New Relic - 38 upvotes, $300
  22. [NR Insights] Pull any Insights/NRQL data from any NR account to New Relic - 37 upvotes, $2500
  23. Bypass of my three other reports #267636 + #255894 + #271861 - (IDOR) Ability to see full name associated with other New Relic accounts to New Relic - 37 upvotes, $1500
  24. removed user can still join the organization to New Relic - 35 upvotes, $250
  25. Users can enable API access for free via mass assignment to New Relic - 34 upvotes, $0
  26. Sending thousands of notifications with single request to New Relic - 29 upvotes, $500
  27. Adding your account to victim's app via deeplink to New Relic - 29 upvotes, $100
  28. Cache-Control Misconfiguration Leads to Sensitive Information Leakage to New Relic - 28 upvotes, $0
  29. [NR Insights] IDOR - Modify the filter settings for any NR Insights dashboard through internal_api endpoint to New Relic - 27 upvotes, $2500
  30. The impossibility of inclusion of the trial (BROWSER) to New Relic - 26 upvotes, $200
  31. HTML injection at Alert email to New Relic - 25 upvotes, $250
  32. User to Admin privilege escalation in Infrastructure Conditions - /v2/accounts/1835740/alerts/conditions to New Relic - 18 upvotes, $500
  33. Open redirection to New Relic - 18 upvotes, $0
  34. Stored XSS firing at the "Add chart to note" popup to New Relic - 17 upvotes, $0
  35. Stored XSS firing at transaction map (applicationName field) to New Relic - 17 upvotes, $0
  36. NR Internal_API call allows me to read the events/violations/policies/messages of ANY New Relic account (AND pull data from infrastructure) to New Relic - 16 upvotes, $1000
  37. Cache purge requests are not authenticated to New Relic - 16 upvotes, $0
  38. A user with restricted privileges is able to view Phone Number + Billing Email of account owner to New Relic - 16 upvotes, $0
  39. Stored XSS via "my recent queries" selector in NRQL dashboard builder to New Relic - 15 upvotes, $2500
  40. [NR Synthetics] (IDOR) Ability to see full name associated with other New Relic accounts through workaround of #255894 to New Relic - 15 upvotes, $1500
  41. [NR Synthetics] Restricted User can add/modify alert conditions on monitors without any synthetics privileges to New Relic - 15 upvotes, $750
  42. Mobile Authentication Endpoint Credentials Brute-Force Vulnerability to New Relic - 15 upvotes, $0
  43. [NR Alerts/Synthetics] IDOR through /policies.json with Synthetics exposes full name of other NR users to New Relic - 14 upvotes, $1500
  44. GET request to accounts.json on support site leaks the root account license key and the browser license key to a restricted user to New Relic - 14 upvotes, $750
  45. Blind SSRF in Ticketing Integrations Jira webhooks leading to internal network enumeration and blind HTTP requests to New Relic - 14 upvotes, $0
  46. Giving myself access to NR1 UI / one.newrelic.com without the proper feature flags on my account to New Relic - 13 upvotes, $500
  47. Missing rate limit on password to New Relic - 13 upvotes, $0
  48. Blind SSRF on synthetics.newrelic.com to New Relic - 13 upvotes, $0
  49. Internal Ports Scanning via Blind SSRF to New Relic - 13 upvotes, $0
  50. Stored XSS at APM applications listing to New Relic - 13 upvotes, $0
  51. Stored XSS at APM key transactions list to New Relic - 13 upvotes, $0
  52. APT repository is signed using weak digest (SHA-1) to New Relic - 12 upvotes, $0
  53. SSO Authentication Bypass to New Relic - 12 upvotes, $0
  54. stamp2-azure-ext.newrelic.com is vulnerable to MS12-020 to New Relic - 12 upvotes, $0
  55. Swiftype key stored in JavaScript source to New Relic - 12 upvotes, $0
  56. Full name of other accounts exposed through NR API Explorer (another workaround of #476958) to New Relic - 11 upvotes, $750
  57. CSRF- delete all empty server policy to New Relic - 11 upvotes, $0
  58. [docs-ra.newrelic.com] subdomain and Drupal takeover via unconfigured endpoint to New Relic - 11 upvotes, $0
  59. Captcha Bypass on SignUp Form to New Relic - 11 upvotes, $0
  60. Cross-account stored XSS at notes (through "swf" note parameter) to New Relic - 11 upvotes, $0
  61. Adding a new user discloses their full name in the "Users" section of NR Alerts notification channels page to New Relic - 10 upvotes, $1500
  62. [NR Synthetics] Restricted user can view synthetics monitors and user permissions through .json endpoint at /permissions/securablemetadata/{GROUP ID} to New Relic - 10 upvotes, $750
  63. [NR Insights] Data app permissions setting does not fully prevent other users from modifying/changing changing data related to your data app to New Relic - 10 upvotes, $750
  64. Upgrade menu exposes the mobile application token meant to only be visible to administrators to New Relic - 10 upvotes, $750
  65. Vulnerable Link Leaks the User Names to New Relic - 10 upvotes, $0
  66. No validation on account names to New Relic - 10 upvotes, $0
  67. newrelic.atlassian.net - jira information disclosure to New Relic - 10 upvotes, $0
  68. Stored XSS Via NRQL chartbuilder JSON view to New Relic - 9 upvotes, $2500
  69. Sensitive information contained with New Relic APM iOS application to New Relic - 9 upvotes, $0
  70. Session Hijacking to New Relic - 9 upvotes, $0
  71. Restricted User is able to edit Alert Conditions of Synthetics Monitors even if Synthetics Permissions is enabled by an admin to New Relic - 9 upvotes, $0
  72. GitHub Integration doesn't sanitize repository URLs which might be attacker-controlled to New Relic - 9 upvotes, $0
  73. Ability to view monitor names of other NR accounts through internal API (v3) via "monitor_id" parameter to New Relic - 8 upvotes, $2000
  74. https://rpm.newrelic.com/login vulnerable to host header attack to New Relic - 8 upvotes, $0
  75. JIRA account misconfig causes internal info leak to New Relic - 8 upvotes, $0
  76. Bypass of my two other reports #267636 + #255894 - (IDOR) Ability to see full name associated with other New Relic accounts to New Relic - 8 upvotes, $0
  77. Drupal admin takeover via install.php not being performed prior to install. to New Relic - 8 upvotes, $0
  78. Mixed content issues on newrelic.com to New Relic - 8 upvotes, $0
  79. Stored XSS at Synthetics private locations (planted through location label or description) to New Relic - 8 upvotes, $0
  80. Restricted user can view all account invoices, payment method details, PII of account owner through zoura_api endpoints to New Relic - 7 upvotes, $900
  81. [NR Alerts/Synthetics?] User with no Synthetics permissions can view synthetic monitor details through /internal_api/ endpoint to New Relic - 7 upvotes, $750
  82. Logic flaw enables restricted account to access account license key to New Relic - 7 upvotes, $500
  83. SSRF on synthetics.newrelic.com permitting access to sensitive data to New Relic - 7 upvotes, $0
  84. Session Management Flaw to New Relic - 7 upvotes, $0
  85. CSRF vulnerability that allows an attacker to purge plugin metric data to New Relic - 7 upvotes, $0
  86. Leaking license key in source code to New Relic - 7 upvotes, $0
  87. CSRF For Adding Users to New Relic - 7 upvotes, $0
  88. [Bypass] Code injection to open redirect in https://insights.newrelic.com/accounts/2521182/dashboards/1026927 to New Relic - 7 upvotes, $0
  89. Stored XSS at Mobile (Versions tab) to New Relic - 7 upvotes, $0
  90. Passive stored XSS at Synthetics job result page (View resource) to New Relic - 7 upvotes, $0
  91. One Click Remote Code Injection - *.blog.newrelic.com to New Relic - 7 upvotes, $0
  92. HTML Injection In Email In one.newrelic.com to New Relic - 7 upvotes, $0
  93. IDOR allows accounts to view full name of other accounts based on email through share notes feature to New Relic - 6 upvotes, $750
  94. Open redirection on login to New Relic - 6 upvotes, $0
  95. Potential sub-domain hijacking to New Relic - 6 upvotes, $0
  96. CSRF - Delete all empty application policy to New Relic - 6 upvotes, $0
  97. NR-wide cross account access through misconfigured CORS-policy of multiple endpoints to New Relic - 6 upvotes, $0
  98. Ability to run monitors' jobs of other accounts and to read these jobs content (including the secure credentials values) to New Relic - 6 upvotes, $0
  99. Permissions leaks the full name of other NR accounts - Regression of #267636 to New Relic - 5 upvotes, $1500
  100. [NR Infrastructure] Bypass of #200576 through GraphQL query abuse - allows restricted user access to root account license key to New Relic - 5 upvotes, $750
  101. Restricted user can add and delete tags of APM key transactions to New Relic - 5 upvotes, $750
  102. [NR Infrastructure] Restricted user can update integration provider account name via integrations API to New Relic - 5 upvotes, $750
  103. [NR Alerts] Internal API exposes Synthetics monitor details to a restricted user without view monitor permissions to New Relic - 5 upvotes, $750
  104. [Synthetics/Infrastructure/everything] Individual account permissions are not properly managed and inherited on sub accounts to New Relic - 5 upvotes, $750
  105. User is able to access and create private synthetics locations without upgrading (regression of #276157) to New Relic - 5 upvotes, $500
  106. Restricted user can bypass permissions restriction to create NR Alert policies to New Relic - 5 upvotes, $500
  107. http://newrelic.com SSRF/XSPA to New Relic - 5 upvotes, $0
  108. CSV Injection in sub_accounts.csv to New Relic - 5 upvotes, $0
  109. Reflected XSS on Signup Page to New Relic - 5 upvotes, $0
  110. No Rate Limitation on Promo Code to New Relic - 5 upvotes, $0
  111. /accounts/USERID.json file is left open for Restricted User of organization disclosing Owners's Mobile Number and "billing_info, cc_email" to New Relic - 5 upvotes, $0
  112. Privilege Escalation in Default Notification Preferences to New Relic - 5 upvotes, $0
  113. Missing security best practices (leads to further impact) to New Relic - 5 upvotes, $0
  114. CSRF at adding new role (user-management.service.newrelic.com) to New Relic - 5 upvotes, $0
  115. Stored XSS at APM transaction map (transactionName field) to New Relic - 5 upvotes, $0
  116. NRQL Query allows restricted user to pull all data from Synthetics monitors without having read permissions enabled to New Relic - 4 upvotes, $750
  117. Manipulation of submit payment request allows me to obtain Infrastructure Pro/Other Services for free or at greatly reduced price to New Relic - 4 upvotes, $600
  118. Bypass of #447975 - view mobile application token though "Application Information" sidebar on Installation page to New Relic - 4 upvotes, $500
  119. https://rpm.newrelic.com/.htaccess file is world readable to New Relic - 4 upvotes, $0
  120. Open redirection bypass to New Relic - 4 upvotes, $0
  121. Normal user can set "Job title" of other users by Direct Object Reference to New Relic - 4 upvotes, $0
  122. User enumeration possible from log-in timing difference to New Relic - 4 upvotes, $0
  123. Login Open Redirect to New Relic - 4 upvotes, $0
  124. newrelic.com rails directory traversal vuln to New Relic - 4 upvotes, $0
  125. Improper Session Management to New Relic - 4 upvotes, $0
  126. Privilege Escalation In Moniter to New Relic - 4 upvotes, $0
  127. [alerts.newrelic.com] Scanning local network via notification channel to New Relic - 4 upvotes, $0
  128. Restricted User can view multiple account details including customer_root_account_id, payment method, date of first payment, etc. to New Relic - 4 upvotes, $0
  129. Cross site scripting in a subdomain of newrelic.com to New Relic - 4 upvotes, $0
  130. Stored XSS on BillingCountry parameter to New Relic - 4 upvotes, $0
  131. Sub domain issues. to New Relic - 4 upvotes, $0
  132. SSL Padding Oracle On Downgraded Legacy Encryption (POODLE) Vulnerability to New Relic - 4 upvotes, $0
  133. Hyperlink Injection on adding active users to New Relic - 4 upvotes, $0
  134. Bypassing Protection Mechanism: Change of Account Name after Session Log out to New Relic - 4 upvotes, $0
  135. Stored XSS firing if the error occurs when trying to delete the APM app to New Relic - 4 upvotes, $0
  136. CSRF at acknowledging an incident to New Relic - 4 upvotes, $0
  137. CSTI fix (#587829) bypass leading to stored XSS at plugins again to New Relic - 4 upvotes, $0
  138. Getting API access key Through Introspection query Graphql to New Relic - 4 upvotes, $0
  139. Restricted user is able to delete filter sets of admin users in https://infrastructure.newrelic.com/accounts/{{ACC#}}/settings/filterSets to New Relic - 3 upvotes, $250
  140. New Relic - Session Hijacking to New Relic - 3 upvotes, $0
  141. No CSRF validation on Account Monitors in Synthetics Block to New Relic - 3 upvotes, $0
  142. Login CSRF vulnerability to New Relic - 3 upvotes, $0
  143. Basic Authorization over HTTP to New Relic - 3 upvotes, $0
  144. Unsafe HTML in reset password email and Account verification in email is missing in Sign up to New Relic - 3 upvotes, $0
  145. Password disclosure during signup process to New Relic - 3 upvotes, $0
  146. HOST HEADER INJECTION in rpm.newrelic.com to New Relic - 3 upvotes, $0
  147. Open redirection to New Relic - 3 upvotes, $0
  148. Cookie Misconfiguration to New Relic - 3 upvotes, $0
  149. Host Header Injection / Cache Poisoning to New Relic - 3 upvotes, $0
  150. Open redirection bypass . to New Relic - 3 upvotes, $0
  151. [download.newrelic.com] Access to private directories to New Relic - 3 upvotes, $0
  152. Html injection in monitor name textbox to New Relic - 3 upvotes, $0
  153. A Signup page does not properly validate the authenticity token at the server side. to New Relic - 3 upvotes, $0
  154. XSS in a newrelic.com site to New Relic - 3 upvotes, $0
  155. Open Redirect to New Relic - 3 upvotes, $0
  156. DNS misconfiguration on email.alerts.newrelic.com to New Relic - 3 upvotes, $0
  157. WordPress username enumeration (/author) to New Relic - 3 upvotes, $0
  158. Stored XSS at APM apps labels autocomplete dropdown (apps listing) to New Relic - 3 upvotes, $0
  159. Stored admin-to-owner XSS at infrastructure alerts runbook URL leading to account takeover by malicious admin to New Relic - 3 upvotes, $0
  160. Attacker can create new account inside any partnership with no approve from the Partnership owner to New Relic - 3 upvotes, $0
  161. Restricted user can manage the NerdGraph entities' tags to New Relic - 3 upvotes, $0
  162. Cross-account reading of Insights dashboards through GraphQL to New Relic - 3 upvotes, $0
  163. Ability to buy PRO subscriptions by arbitrary reduced prices to New Relic - 3 upvotes, $0
  164. Restricted user can update Apdex target for applications by leveraging the GraphQL mutation to New Relic - 3 upvotes, $0
  165. IDOR - User is able to download charts/dashboards from cross accounts to New Relic - 3 upvotes, $0
  166. Verification Link not expiring leading to Account Takeover. to New Relic - 3 upvotes, $0
  167. [New Relic Infrastructure] Restricted User can still integrate with AWS via forced browsing (plus, a few other bugs) to New Relic - 2 upvotes, $750
  168. Old CAPTCHA offers no protection to New Relic - 2 upvotes, $0
  169. Stored Cross-Site Scripting via Angular Template Injection to New Relic - 2 upvotes, $0
  170. Clickjacking on authenticated pages which is inscope for New Relic to New Relic - 2 upvotes, $0
  171. SUBDOMAIN TAKEOVER(FIXED) to New Relic - 2 upvotes, $0
  172. [login.newrelic.com] XSS via return_to to New Relic - 2 upvotes, $0
  173. Potential Subdomain Takeover - http://storefront.newrelic.com/ to New Relic - 2 upvotes, $0
  174. newrelic.com vulnerable to clickjacking ! to New Relic - 2 upvotes, $0
  175. no email confirmation on signup to New Relic - 2 upvotes, $0
  176. All the active session should destroy when user change his password to New Relic - 2 upvotes, $0
  177. Java RMI (Remote Code Execution) to New Relic - 2 upvotes, $0
  178. open redirection at login to New Relic - 2 upvotes, $0
  179. A Log in page does not properly validate the authenticity token at the server side to New Relic - 2 upvotes, $0
  180. Unauthorized Access to New Relic - 2 upvotes, $0
  181. Directory listing - i am able to download all php_agent archive to New Relic - 2 upvotes, $0
  182. Privilege Escalation in Share Report to New Relic - 2 upvotes, $0
  183. Unvalidated redirect in alerts.newrelic.com/auth/newrelic?origin= to New Relic - 2 upvotes, $0
  184. CRLF Injection in email address to New Relic - 2 upvotes, $0
  185. Site-wide clickjacking at IE11 to New Relic - 2 upvotes, $0
  186. Disclosure of locally served nerdpacks due to nr-local.net CORS policy misconfiguration to New Relic - 2 upvotes, $0
  187. Secure credentials values disclosure to regular users due to access control issue in monitor creating function to New Relic - 2 upvotes, $0
  188. Restricted user can remove NerdStorage documents/collections scoped to ACCOUNT or ENTITY to New Relic - 2 upvotes, $0
  189. Synthetics Xss to New Relic - 1 upvotes, $0
  190. Too many included lookups to New Relic - 1 upvotes, $0
  191. Stored XSS through Angular Expression Sandbox Escape to New Relic - 1 upvotes, $0
  192. Session takeover to New Relic - 1 upvotes, $0
  193. rpm.newrelic.com - monitor creation to other accounts to New Relic - 1 upvotes, $0
  194. Html injection in monitor name textbox to New Relic - 1 upvotes, $0
  195. All Active user sessions should be destroyed when user change his password! to New Relic - 1 upvotes, $0
  196. Server Side Browsing - localhost open port enumeration to New Relic - 1 upvotes, $0
  197. CSRF - Regenerate all admin api keys to New Relic - 1 upvotes, $0
  198. Emails and alert policies can be altered by malicious users. to New Relic - 1 upvotes, $0
  199. Stored Xss in rpm.newrelic.com to New Relic - 1 upvotes, $0
  200. WordPress User Enumeration - blog.newrelic.com to New Relic - 1 upvotes, $0
  201. Can fake content email of newrelic to any user to New Relic - 1 upvotes, $0
  202. Account owner/admin can't actually delete personal users' API keys to New Relic - 1 upvotes, $0
  203. "Basic user" which can only access a limited subset of the platform can access certain pages which are restricted to the user by the account owner. to New Relic - 1 upvotes, $0
  204. Moniter Failed Sends too many emails to New Relic - 0 upvotes, $0
  205. Sensitive information disclosure to New Relic - 0 upvotes, $0
  206. Insecure transition from HTTP to HTTPS in form post to New Relic - 0 upvotes, $0
  207. XSS (Reflected) to New Relic - 0 upvotes, $0
  208. Broken Authentication and session management OWASP A2 to New Relic - 0 upvotes, $0
  209. Newrelic s3 bucket is writeable and deleteable by authorized AWS users to New Relic - 0 upvotes, $0