BugCrowd Bug Bounty Disclosure: P2 – Exposed Emails and Names on https://mttc.jpl.nasa.gov/api/retrieve-certs.php – green_hats

November 1, 2025
Exposed Emails and Names on https://mttc.jpl.nasa.gov/api/retrieve-certs.php

Exposed Emails and Names on https://mttc.jpl.nasa.gov/api/retrieve-certs.php

Researcher: green_hats
Engagement: National Aeronautics and Space Administration (NASA) – Vulnerability Disclosure Program
Disclosed at: 2025-10-31T18:08:15Z
Priority: P2
Status: Resolved

Summary

An exposed API endpoint leaked 800+ user emails, names and other information related to NASA certifications. The API did not require any form of authentication.

Activity Feed

Actor Details Timestamp (UTC)
Martin_NASA Martin_NASA published 2025-10-31T18:08:15Z
green_hats green_hats requested 2025-10-31T03:41:09Z
Martin_NASA Martin_NASA sent a: message 2025-10-24T16:13:25Z
hexghost_bugcrowd hexghost_bugcrowd changed the state to to resolved 2025-10-23T20:09:39Z
Martin_NASA Martin_NASA changed the state to to unresolved 2025-10-03T16:32:25Z
hexghost_bugcrowd hexghost_bugcrowd changed the state to to triaged 2025-09-30T11:24:08Z
hexghost_bugcrowd hexghost_bugcrowd sent a: message 2025-09-30T11:24:07Z
hexghost_bugcrowd hexghost_bugcrowd changed the severity to 2025-09-30T11:23:41Z
green_hats green_hats created the submission 2025-09-29T17:38:29Z

Support Our Work

A considerable amount of time and effort goes into maintaining this website, creating backend automation and creating new features and content for you to make actionable intelligence decisions. Everyone that supports the site helps enable new functionality.

If you like the site, please support us on Patreon or Buy Me A Coffee using the buttons below.

AI APIs OSINT driven New features
Buy Me A Coffee Patreon
Tags: , ,

You may have missed

Bugcrowd Logo

BugCrowd Bug Bounty Disclosure: P3 – Public Exposure of NASA FTP Credentials in CORAL Document (PDF Hosted on Google Docs) – sanrock

November 1, 2025
Bugcrowd Logo

BugCrowd Bug Bounty Disclosure: P4 – Unauthorised Access to GoAccess Logs on https://mwsci.jpl.nasa.gov – green_hats

November 1, 2025
Bugcrowd Logo

BugCrowd Bug Bounty Disclosure: P2 – Exposed Emails and Names on https://mttc.jpl.nasa.gov/api/retrieve-certs.php – green_hats

November 1, 2025
Bugcrowd Logo

BugCrowd Bug Bounty Disclosure: P3 – Reflected XSS in Multiple Endpoints on GSFC Subdomain – Rahul-Hoysala

November 1, 2025
covenant

CovenantC2 Detected – 154[.]44[.]10[.]42:7443

November 1, 2025