Public New Relic bug reports.
4,419 Bug Reports - $2,030,173 Paid Out
Last Updated: 12th September, 2017
| Team | Bounty | Title |
|---|---|---|
| New Relic | - | SSRF in alerts.newrelic.com exposes entire internal network |
| New Relic | - | Restricted User can view multiple account details including customer_root_account_id, payment method, date of first payment, etc. |
| New Relic | - | Potential sub-domain hijacking |
| New Relic | - | Open Redirect |
| New Relic | - | Stored Xss in rpm.newrelic.com |
| New Relic | - | SSO Authentication Bypass |
| New Relic | - | HOST HEADER INJECTION in rpm.newrelic.com |
| New Relic | - | Session Hijacking |
| New Relic | - | Java RMI (Remote Code Execution) |
| New Relic | - | Cookie Misconfiguration |
| New Relic | - | All Active user sessions should be destroyed when user change his password! |
| New Relic | - | CSRF vulnerability that allows an attacker to purge plugin metric data |
| New Relic | - | Login CSRF vulnerability |
| New Relic | - | Leaking license key in source code |
| New Relic | - | Cache purge requests are not authenticated |
| New Relic | - | [alerts.newrelic.com] Scanning local network via notification channel |
| New Relic | - | Session Management Flaw |
| New Relic | - | XSS in a newrelic.com site |
| New Relic | - | http://newrelic.com SSRF/XSPA |
| New Relic | - | Html injection in monitor name textbox |
| New Relic | - | Open redirection bypass . |
| New Relic | - | SSRF on synthetics.newrelic.com permitting access to sensitive data |
| New Relic | - | Blind SSRF on synthetics.newrelic.com |
| New Relic | - | Session takeover |
| New Relic | - | No CSRF validation on Account Monitors in Synthetics Block |
| New Relic | - | JIRA account misconfig causes internal info leak |
| New Relic | - | Privilege Escalation In Moniter |
| New Relic | - | Improper Session Management |
| New Relic | - | Missing rate limit on password |
| New Relic | - | New Relic - Session Hijacking |
| New Relic | - | newrelic.com rails directory traversal vuln |
| New Relic | - | Cache-Control Misconfiguration Leads to Sensitive Information Leakage |
| New Relic | - | Stored Cross-Site Scripting via Angular Template Injection |
| New Relic | - | Open redirection |
| New Relic | - | Login Open Redirect |
| New Relic | - | Sensitive information contained with New Relic APM iOS application |
| New Relic | - | APT repository is signed using weak digest (SHA-1) |
| New Relic | - | Clickjacking on authenticated pages which is inscope for New Relic |
| New Relic | - | Password disclosure during signup process |
| New Relic | - | Open redirection bypass |
| New Relic | - | rpm.newrelic.com - monitor creation to other accounts |
| New Relic | - | Mobile Authentication Endpoint Credentials Brute-Force Vulnerability |
| New Relic | - | CSV Injection in sub_accounts.csv |
| New Relic | - | Old CAPTCHA offers no protection |
| New Relic | - | User enumeration possible from log-in timing difference |
| New Relic | - | Too many included lookups |
| New Relic | - | Stored XSS through Angular Expression Sandbox Escape |
| New Relic | - | Synthetics Xss |
| New Relic | - | Host Header Injection / Cache Poisoning |
| New Relic | - | Normal user can set "Job title" of other users by Direct Object Reference |
| New Relic | - | All the active session should destroy when user change his password |
| New Relic | - | Open redirection on login |
| New Relic | - | no email confirmation on signup |
| New Relic | - | newrelic.com vulnerable to clickjacking ! |
| New Relic | - | Emails and alert policies can be altered by malicious users. |
| New Relic | - | CSRF- delete all empty server policy |
| New Relic | - | CSRF - Delete all empty application policy |
| New Relic | - | No Rate Limitation on Promo Code |
| New Relic | - | Vulnerable Link Leaks the User Names |
| New Relic | - | https://rpm.newrelic.com/login vulnerable to host header attack |
| New Relic | - | https://rpm.newrelic.com/.htaccess file is world readable |
| New Relic | - | Server Side Browsing - localhost open port enumeration |
| New Relic | - | CSRF - Regenerate all admin api keys |
| New Relic | - | Reflected XSS on Signup Page |
| New Relic | - | open redirection at login |
| New Relic | - | Potential Subdomain Takeover - http://storefront.newrelic.com/ |
| New Relic | - | Unauthorized Access |
| New Relic | - | [download.newrelic.com] Access to private directories |
| New Relic | - | [login.newrelic.com] XSS via return_to |
| New Relic | - | SUBDOMAIN TAKEOVER(FIXED) |
| New Relic | - | Basic Authorization over HTTP |
| New Relic | - | Html injection in monitor name textbox |
| New Relic | - | Unsafe HTML in reset password email and Account verification in email is missing in Sign up |
| New Relic | - | A Signup page does not properly validate the authenticity token at the server side. |
| New Relic | - | A Log in page does not properly validate the authenticity token at the server side |
| New Relic | - | No validation on account names |