BugCrowd Bug Bounty Disclosure: P5 - Unauthenticated metadata disclosure of protected NASA flight reports and mission schedules via /ajax/activity - madhu873

Unauthenticated metadata disclosure of protected NASA flight reports and mission schedules via /ajax/activity

Researcher: madhu873

Engagement: National Aeronautics and Space Administration (NASA) – Vulnerability Disclosure Program

Disclosed at: 2025-08-12T21:36:19Z

Priority: P5

Status: Informational

Summary

None of the documents are accessible without logging in. The names of the files and their authors provide little information.

Activity Feed

Actor	Details	Timestamp (UTC)
Martin_NASA	Martin_NASA published	2025-08-12T21:36:19Z
madhu873	madhu873 requested	2025-07-28T16:26:19Z
Mason357_Bugcrowd	Mason357_Bugcrowd sent a: message	2025-07-28T15:44:41Z
Mason357_Bugcrowd	Mason357_Bugcrowd changed the state to to informational	2025-07-28T15:44:36Z
Mason357_Bugcrowd	Mason357_Bugcrowd changed the severity to	2025-07-28T15:44:35Z
madhu873	madhu873 created the submission	2025-07-26T09:39:42Z

A considerable amount of time and effort goes into maintaining this website, creating backend automation and creating new features and content for you to make actionable intelligence decisions. Everyone that supports the site helps enable new functionality.

If you like the site, please support us on “Patreon” or “Buy Me A Coffee” using the buttons below

Buy Me A Coffee

Patreon

To keep up to date follow us on the below channels.

Tags: bug bounty, BugCrowd, OSINT

BugCrowd Bug Bounty Disclosure: P5 – Unauthenticated metadata disclosure of protected NASA flight reports and mission schedules via /ajax/activity – madhu873

Unauthenticated metadata disclosure of protected NASA flight reports and mission schedules via /ajax/activity

Summary

Activity Feed

[Palo Alto Networks Security Advisories] CVE-2025-2183 GlobalProtect App: Improper Certificate Validation Leads toPrivilege Escalation

[Palo Alto Networks Security Advisories] CVE-2025-2181 Checkov by Prisma Cloud: Cleartext Exposure of Credentials

[Palo Alto Networks Security Advisories] CVE-2025-2180 Checkov by Prisma Cloud: Unsafe Deserialization of Terraform FilesAllows Code Execution

[Palo Alto Networks Security Advisories] CVE-2025-2182 PAN-OS: Firewall Clusters using the MACsec Protocol Expose theConnectivity Association Key (CAK)

[Palo Alto Networks Security Advisories] CVE-2025-2184 Cortex XDR Broker VM: Secrets Shared Across Multiple Broker VMImages

Summary

Activity Feed

You may have missed

[Palo Alto Networks Security Advisories] CVE-2025-2183 GlobalProtect App: Improper Certificate Validation Leads toPrivilege Escalation

[Palo Alto Networks Security Advisories] CVE-2025-2181 Checkov by Prisma Cloud: Cleartext Exposure of Credentials

[Palo Alto Networks Security Advisories] CVE-2025-2180 Checkov by Prisma Cloud: Unsafe Deserialization of Terraform FilesAllows Code Execution

[Palo Alto Networks Security Advisories] CVE-2025-2182 PAN-OS: Firewall Clusters using the MACsec Protocol Expose theConnectivity Association Key (CAK)

[Palo Alto Networks Security Advisories] CVE-2025-2184 Cortex XDR Broker VM: Secrets Shared Across Multiple Broker VMImages