Skip to content

Latest commit

 

History

History
205 lines (201 loc) · 26.9 KB

TOPNEWRELIC.md

File metadata and controls

205 lines (201 loc) · 26.9 KB

Back

Top reports from New Relic program at HackerOne:

  1. Password theft login.newrelic.com via Request Smuggling to New Relic - 475 upvotes, $3000
  2. Unsafe charts embedding implementation leads to cross-account stored XSS and SSRF to New Relic - 220 upvotes, $2500
  3. Cross-account stored XSS at embedded charts to New Relic - 154 upvotes, $3625
  4. Stored XSS in notes (charts) because of insecure chart data JSON generation to New Relic - 144 upvotes, $4250
  5. CSTI at Plugin page leading to active stored XSS (Publisher name) to New Relic - 89 upvotes, $2500
  6. Urgent! Stored XSS at plugin's violations leading to account takeover to New Relic - 79 upvotes, $2500
  7. IDOR via internal_api "users" endpoint to New Relic - 76 upvotes, $1500
  8. Host Header Injection to New Relic - 64 upvotes, $500
  9. Insecure Infrastructure Integrations YML Loading leads to Windows Privilege Escalation to New Relic - 62 upvotes, $2500
  10. Internal API endpoint discloses full account name of email address associated with unconfirmed user to New Relic - 60 upvotes, $1500
  11. [synthetics.newrelic.com] SMTP header injection leads to (mass) arbitrary email sending to New Relic - 59 upvotes, $500
  12. (Prerelease UI) Stored XSS via role name in JSON chart to New Relic - 47 upvotes, $2500
  13. User can run monitors at private locations, which he has no access to to New Relic - 40 upvotes, $3000
  14. Stored XSS in Brower name field reflected in two pages to New Relic - 39 upvotes, $3000
  15. [NR Insights] Pull any Insights/NRQL data from any NR account to New Relic - 37 upvotes, $2500
  16. Bypass of my three other reports #267636 + #255894 + #271861 - (IDOR) Ability to see full name associated with other New Relic accounts to New Relic - 37 upvotes, $1500
  17. SSRF in alerts.newrelic.com exposes entire internal network to New Relic - 36 upvotes, $0
  18. Users can enable API access for free via mass assignment to New Relic - 30 upvotes, $0
  19. Sending thousands of notifications with single request to New Relic - 29 upvotes, $500
  20. Adding your account to victim's app via deeplink to New Relic - 27 upvotes, $100
  21. [NR Insights] IDOR - Modify the filter settings for any NR Insights dashboard through internal_api endpoint to New Relic - 26 upvotes, $2500
  22. The impossibility of inclusion of the trial (BROWSER) to New Relic - 26 upvotes, $200
  23. HTML injection at Alert email to New Relic - 25 upvotes, $250
  24. Cache-Control Misconfiguration Leads to Sensitive Information Leakage to New Relic - 25 upvotes, $0
  25. Stored XSS firing at transaction map (applicationName field) to New Relic - 17 upvotes, $2500
  26. User to Admin privilege escalation in Infrastructure Conditions - /v2/accounts/1835740/alerts/conditions to New Relic - 17 upvotes, $500
  27. Open redirection to New Relic - 17 upvotes, $0
  28. Stored XSS firing at the "Add chart to note" popup to New Relic - 16 upvotes, $2500
  29. NR Internal_API call allows me to read the events/violations/policies/messages of ANY New Relic account (AND pull data from infrastructure) to New Relic - 16 upvotes, $1000
  30. A user with restricted privileges is able to view Phone Number + Billing Email of account owner to New Relic - 16 upvotes, $0
  31. Stored XSS via "my recent queries" selector in NRQL dashboard builder to New Relic - 15 upvotes, $2500
  32. [NR Synthetics] (IDOR) Ability to see full name associated with other New Relic accounts through workaround of #255894 to New Relic - 15 upvotes, $1500
  33. [NR Synthetics] Restricted User can add/modify alert conditions on monitors without any synthetics privileges to New Relic - 15 upvotes, $750
  34. Mobile Authentication Endpoint Credentials Brute-Force Vulnerability to New Relic - 15 upvotes, $0
  35. [NR Alerts/Synthetics] IDOR through /policies.json with Synthetics exposes full name of other NR users to New Relic - 14 upvotes, $1500
  36. GET request to accounts.json on support site leaks the root account license key and the browser license key to a restricted user to New Relic - 14 upvotes, $750
  37. Stored XSS at APM applications listing to New Relic - 13 upvotes, $2500
  38. Stored XSS at APM key transactions list to New Relic - 13 upvotes, $2500
  39. Giving myself access to NR1 UI / one.newrelic.com without the proper feature flags on my account to New Relic - 13 upvotes, $500
  40. Missing rate limit on password to New Relic - 13 upvotes, $0
  41. Blind SSRF on synthetics.newrelic.com to New Relic - 13 upvotes, $0
  42. Internal Ports Scanning via Blind SSRF to New Relic - 13 upvotes, $0
  43. Blind SSRF in Ticketing Integrations Jira webhooks leading to internal network enumeration and blind HTTP requests to New Relic - 13 upvotes, $0
  44. APT repository is signed using weak digest (SHA-1) to New Relic - 12 upvotes, $0
  45. SSO Authentication Bypass to New Relic - 12 upvotes, $0
  46. Swiftype key stored in JavaScript source to New Relic - 12 upvotes, $0
  47. Cross-account stored XSS at notes (through "swf" note parameter) to New Relic - 11 upvotes, $2000
  48. CSRF- delete all empty server policy to New Relic - 11 upvotes, $0
  49. [docs-ra.newrelic.com] subdomain and Drupal takeover via unconfigured endpoint to New Relic - 11 upvotes, $0
  50. Captcha Bypass on SignUp Form to New Relic - 11 upvotes, $0
  51. stamp2-azure-ext.newrelic.com is vulnerable to MS12-020 to New Relic - 11 upvotes, $0
  52. Adding a new user discloses their full name in the "Users" section of NR Alerts notification channels page to New Relic - 10 upvotes, $1500
  53. [NR Synthetics] Restricted user can view synthetics monitors and user permissions through .json endpoint at /permissions/securablemetadata/{GROUP ID} to New Relic - 10 upvotes, $750
  54. [NR Insights] Data app permissions setting does not fully prevent other users from modifying/changing changing data related to your data app to New Relic - 10 upvotes, $750
  55. Upgrade menu exposes the mobile application token meant to only be visible to administrators to New Relic - 10 upvotes, $750
  56. Full name of other accounts exposed through NR API Explorer (another workaround of #476958) to New Relic - 10 upvotes, $750
  57. newrelic.atlassian.net - jira information disclosure to New Relic - 10 upvotes, $0
  58. Stored XSS Via NRQL chartbuilder JSON view to New Relic - 9 upvotes, $2500
  59. Vulnerable Link Leaks the User Names to New Relic - 9 upvotes, $0
  60. No validation on account names to New Relic - 9 upvotes, $0
  61. Stored XSS at Synthetics private locations (planted through location label or description) to New Relic - 8 upvotes, $2500
  62. Ability to view monitor names of other NR accounts through internal API (v3) via "monitor_id" parameter to New Relic - 8 upvotes, $2000
  63. https://rpm.newrelic.com/login vulnerable to host header attack to New Relic - 8 upvotes, $0
  64. Restricted User is able to edit Alert Conditions of Synthetics Monitors even if Synthetics Permissions is enabled by an admin to New Relic - 8 upvotes, $0
  65. Bypass of my two other reports #267636 + #255894 - (IDOR) Ability to see full name associated with other New Relic accounts to New Relic - 8 upvotes, $0
  66. Drupal admin takeover via install.php not being performed prior to install. to New Relic - 8 upvotes, $0
  67. Mixed content issues on newrelic.com to New Relic - 8 upvotes, $0
  68. Stored XSS at Mobile (Versions tab) to New Relic - 7 upvotes, $2500
  69. Passive stored XSS at Synthetics job result page (View resource) to New Relic - 7 upvotes, $1075
  70. Restricted user can view all account invoices, payment method details, PII of account owner through zoura_api endpoints to New Relic - 7 upvotes, $900
  71. [NR Alerts/Synthetics?] User with no Synthetics permissions can view synthetic monitor details through /internal_api/ endpoint to New Relic - 7 upvotes, $750
  72. One Click Remote Code Injection - *.blog.newrelic.com to New Relic - 7 upvotes, $506
  73. Logic flaw enables restricted account to access account license key to New Relic - 7 upvotes, $500
  74. SSRF on synthetics.newrelic.com permitting access to sensitive data to New Relic - 7 upvotes, $0
  75. Session Management Flaw to New Relic - 7 upvotes, $0
  76. CSRF vulnerability that allows an attacker to purge plugin metric data to New Relic - 7 upvotes, $0
  77. Leaking license key in source code to New Relic - 7 upvotes, $0
  78. JIRA account misconfig causes internal info leak to New Relic - 7 upvotes, $0
  79. Cache purge requests are not authenticated to New Relic - 7 upvotes, $0
  80. Session Hijacking to New Relic - 7 upvotes, $0
  81. CSRF For Adding Users to New Relic - 7 upvotes, $0
  82. [Bypass] Code injection to open redirect in https://insights.newrelic.com/accounts/2521182/dashboards/1026927 to New Relic - 7 upvotes, $0
  83. Ability to run monitors' jobs of other accounts and to read these jobs content (including the secure credentials values) to New Relic - 6 upvotes, $2500
  84. IDOR allows accounts to view full name of other accounts based on email through share notes feature to New Relic - 6 upvotes, $750
  85. Open redirection on login to New Relic - 6 upvotes, $0
  86. Sensitive information contained with New Relic APM iOS application to New Relic - 6 upvotes, $0
  87. Potential sub-domain hijacking to New Relic - 6 upvotes, $0
  88. CSRF - Delete all empty application policy to New Relic - 6 upvotes, $0
  89. NR-wide cross account access through misconfigured CORS-policy of multiple endpoints to New Relic - 5 upvotes, $3125
  90. Stored XSS at APM transaction map (transactionName field) to New Relic - 5 upvotes, $2500
  91. CSRF at adding new role (user-management.service.newrelic.com) to New Relic - 5 upvotes, $1500
  92. Permissions leaks the full name of other NR accounts - Regression of #267636 to New Relic - 5 upvotes, $1500
  93. [NR Infrastructure] Bypass of #200576 through GraphQL query abuse - allows restricted user access to root account license key to New Relic - 5 upvotes, $750
  94. Restricted user can add and delete tags of APM key transactions to New Relic - 5 upvotes, $750
  95. [NR Infrastructure] Restricted user can update integration provider account name via integrations API to New Relic - 5 upvotes, $750
  96. [NR Alerts] Internal API exposes Synthetics monitor details to a restricted user without view monitor permissions to New Relic - 5 upvotes, $750
  97. [Synthetics/Infrastructure/everything] Individual account permissions are not properly managed and inherited on sub accounts to New Relic - 5 upvotes, $750
  98. User is able to access and create private synthetics locations without upgrading (regression of #276157) to New Relic - 5 upvotes, $500
  99. Restricted user can bypass permissions restriction to create NR Alert policies to New Relic - 5 upvotes, $500
  100. http://newrelic.com SSRF/XSPA to New Relic - 5 upvotes, $0
  101. CSV Injection in sub_accounts.csv to New Relic - 5 upvotes, $0
  102. /accounts/USERID.json file is left open for Restricted User of organization disclosing Owners's Mobile Number and "billing_info, cc_email" to New Relic - 5 upvotes, $0
  103. Privilege Escalation in Default Notification Preferences to New Relic - 5 upvotes, $0
  104. Missing security best practices (leads to further impact) to New Relic - 5 upvotes, $0
  105. CSTI fix (#587829) bypass leading to stored XSS at plugins again to New Relic - 4 upvotes, $1000
  106. Stored XSS firing if the error occurs when trying to delete the APM app to New Relic - 4 upvotes, $750
  107. CSRF at acknowledging an incident to New Relic - 4 upvotes, $750
  108. NRQL Query allows restricted user to pull all data from Synthetics monitors without having read permissions enabled to New Relic - 4 upvotes, $750
  109. Manipulation of submit payment request allows me to obtain Infrastructure Pro/Other Services for free or at greatly reduced price to New Relic - 4 upvotes, $600
  110. Bypass of #447975 - view mobile application token though "Application Information" sidebar on Installation page to New Relic - 4 upvotes, $500
  111. https://rpm.newrelic.com/.htaccess file is world readable to New Relic - 4 upvotes, $0
  112. Open redirection bypass to New Relic - 4 upvotes, $0
  113. Normal user can set "Job title" of other users by Direct Object Reference to New Relic - 4 upvotes, $0
  114. User enumeration possible from log-in timing difference to New Relic - 4 upvotes, $0
  115. Login Open Redirect to New Relic - 4 upvotes, $0
  116. newrelic.com rails directory traversal vuln to New Relic - 4 upvotes, $0
  117. Improper Session Management to New Relic - 4 upvotes, $0
  118. Privilege Escalation In Moniter to New Relic - 4 upvotes, $0
  119. [alerts.newrelic.com] Scanning local network via notification channel to New Relic - 4 upvotes, $0
  120. No Rate Limitation on Promo Code to New Relic - 4 upvotes, $0
  121. Restricted User can view multiple account details including customer_root_account_id, payment method, date of first payment, etc. to New Relic - 4 upvotes, $0
  122. Cross site scripting in a subdomain of newrelic.com to New Relic - 4 upvotes, $0
  123. Stored XSS on BillingCountry parameter to New Relic - 4 upvotes, $0
  124. Sub domain issues. to New Relic - 4 upvotes, $0
  125. SSL Padding Oracle On Downgraded Legacy Encryption (POODLE) Vulnerability to New Relic - 4 upvotes, $0
  126. Hyperlink Injection on adding active users to New Relic - 4 upvotes, $0
  127. Bypassing Protection Mechanism: Change of Account Name after Session Log out to New Relic - 4 upvotes, $0
  128. Stored XSS at APM apps labels autocomplete dropdown (apps listing) to New Relic - 3 upvotes, $2500
  129. Cross-account reading of Insights dashboards through GraphQL to New Relic - 3 upvotes, $1500
  130. Stored admin-to-owner XSS at infrastructure alerts runbook URL leading to account takeover by malicious admin to New Relic - 3 upvotes, $1337
  131. Restricted user can manage the NerdGraph entities' tags to New Relic - 3 upvotes, $750
  132. Attacker can create new account inside any partnership with no approve from the Partnership owner to New Relic - 3 upvotes, $695
  133. Restricted user can update Apdex target for applications by leveraging the GraphQL mutation to New Relic - 3 upvotes, $626
  134. Restricted user is able to delete filter sets of admin users in https://infrastructure.newrelic.com/accounts/{{ACC#}}/settings/filterSets to New Relic - 3 upvotes, $250
  135. Ability to buy PRO subscriptions by arbitrary reduced prices to New Relic - 3 upvotes, $203
  136. New Relic - Session Hijacking to New Relic - 3 upvotes, $0
  137. Login CSRF vulnerability to New Relic - 3 upvotes, $0
  138. Basic Authorization over HTTP to New Relic - 3 upvotes, $0
  139. Unsafe HTML in reset password email and Account verification in email is missing in Sign up to New Relic - 3 upvotes, $0
  140. Password disclosure during signup process to New Relic - 3 upvotes, $0
  141. HOST HEADER INJECTION in rpm.newrelic.com to New Relic - 3 upvotes, $0
  142. Open redirection to New Relic - 3 upvotes, $0
  143. Cookie Misconfiguration to New Relic - 3 upvotes, $0
  144. Open redirection bypass . to New Relic - 3 upvotes, $0
  145. [download.newrelic.com] Access to private directories to New Relic - 3 upvotes, $0
  146. Html injection in monitor name textbox to New Relic - 3 upvotes, $0
  147. A Signup page does not properly validate the authenticity token at the server side. to New Relic - 3 upvotes, $0
  148. Reflected XSS on Signup Page to New Relic - 3 upvotes, $0
  149. XSS in a newrelic.com site to New Relic - 3 upvotes, $0
  150. Open Redirect to New Relic - 3 upvotes, $0
  151. IDOR - User is able to download charts/dashboards from cross accounts to New Relic - 3 upvotes, $0
  152. [New Relic Infrastructure] Restricted User can still integrate with AWS via forced browsing (plus, a few other bugs) to New Relic - 2 upvotes, $750
  153. Disclosure of locally served nerdpacks due to nr-local.net CORS policy misconfiguration to New Relic - 2 upvotes, $625
  154. Restricted user can remove NerdStorage documents/collections scoped to ACCOUNT or ENTITY to New Relic - 2 upvotes, $600
  155. Site-wide clickjacking at IE11 to New Relic - 2 upvotes, $500
  156. Secure credentials values disclosure to regular users due to access control issue in monitor creating function to New Relic - 2 upvotes, $500
  157. Old CAPTCHA offers no protection to New Relic - 2 upvotes, $0
  158. Stored Cross-Site Scripting via Angular Template Injection to New Relic - 2 upvotes, $0
  159. SUBDOMAIN TAKEOVER(FIXED) to New Relic - 2 upvotes, $0
  160. [login.newrelic.com] XSS via return_to to New Relic - 2 upvotes, $0
  161. Potential Subdomain Takeover - http://storefront.newrelic.com/ to New Relic - 2 upvotes, $0
  162. No CSRF validation on Account Monitors in Synthetics Block to New Relic - 2 upvotes, $0
  163. newrelic.com vulnerable to clickjacking ! to New Relic - 2 upvotes, $0
  164. no email confirmation on signup to New Relic - 2 upvotes, $0
  165. All the active session should destroy when user change his password to New Relic - 2 upvotes, $0
  166. Java RMI (Remote Code Execution) to New Relic - 2 upvotes, $0
  167. Host Header Injection / Cache Poisoning to New Relic - 2 upvotes, $0
  168. open redirection at login to New Relic - 2 upvotes, $0
  169. A Log in page does not properly validate the authenticity token at the server side to New Relic - 2 upvotes, $0
  170. Unauthorized Access to New Relic - 2 upvotes, $0
  171. Directory listing - i am able to download all php_agent archive to New Relic - 2 upvotes, $0
  172. Privilege Escalation in Share Report to New Relic - 2 upvotes, $0
  173. Unvalidated redirect in alerts.newrelic.com/auth/newrelic?origin= to New Relic - 2 upvotes, $0
  174. DNS misconfiguration on email.alerts.newrelic.com to New Relic - 2 upvotes, $0
  175. WordPress username enumeration (/author) to New Relic - 2 upvotes, $0
  176. CRLF Injection in email address to New Relic - 2 upvotes, $0
  177. Account owner/admin can't actually delete personal users' API keys to New Relic - 1 upvotes, $500
  178. Synthetics Xss to New Relic - 1 upvotes, $0
  179. Too many included lookups to New Relic - 1 upvotes, $0
  180. Clickjacking on authenticated pages which is inscope for New Relic to New Relic - 1 upvotes, $0
  181. Stored XSS through Angular Expression Sandbox Escape to New Relic - 1 upvotes, $0
  182. Session takeover to New Relic - 1 upvotes, $0
  183. rpm.newrelic.com - monitor creation to other accounts to New Relic - 1 upvotes, $0
  184. Html injection in monitor name textbox to New Relic - 1 upvotes, $0
  185. All Active user sessions should be destroyed when user change his password! to New Relic - 1 upvotes, $0
  186. Server Side Browsing - localhost open port enumeration to New Relic - 1 upvotes, $0
  187. CSRF - Regenerate all admin api keys to New Relic - 1 upvotes, $0
  188. Emails and alert policies can be altered by malicious users. to New Relic - 1 upvotes, $0
  189. Stored Xss in rpm.newrelic.com to New Relic - 1 upvotes, $0
  190. WordPress User Enumeration - blog.newrelic.com to New Relic - 1 upvotes, $0
  191. Can fake content email of newrelic to any user to New Relic - 1 upvotes, $0
  192. "Basic user" which can only access a limited subset of the platform can access certain pages which are restricted to the user by the account owner. to New Relic - 1 upvotes, $0
  193. Moniter Failed Sends too many emails to New Relic - 0 upvotes, $0
  194. Sensitive information disclosure to New Relic - 0 upvotes, $0
  195. Insecure transition from HTTP to HTTPS in form post to New Relic - 0 upvotes, $0
  196. XSS (Reflected) to New Relic - 0 upvotes, $0
  197. Broken Authentication and session management OWASP A2 to New Relic - 0 upvotes, $0
  198. Newrelic s3 bucket is writeable and deleteable by authorized AWS users to New Relic - 0 upvotes, $0

Back