BugCrowd Bug Bounty Disclosure: P3 – Hardcoded API Key Found in Public NASA GitHub Repository – Uma_Maheshwar_Ayyala

Hardcoded API Key Found in Public NASA GitHub Repository

Engagement: National Aeronautics and Space Administration (NASA) – Vulnerability Disclosure Program
Disclosed at: 2025-05-12T18:51:47Z
Priority: P3
Status: Resolved

Summary

Hardcoded API Key Found in Public NASA GitHub Repository Allowing Unauthorized Access to Licensed Academic Data

During my security research, I identified a hardcoded API key within NASA’s public GitHub repository: podaac_tools_and_services. The key appeared to provide access to Elsevier’s Scopus API — a licensed academic service that offers premium search capabilities for scientific literature, including research articles, author profiles, and institutional affiliations.

Exposure of such credentials in public repositories can allow unauthorized users to access premium or sensitive data, violate third-party licensing agreements, or result in service abuse. Responsible disclosure of this issue helped ensure the protection of licensed academic resources and reduce potential misuse.
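A defender-side check for the exposure described above, as an added example that is not part of the original report or of NASA's code: it scans source text for literal credentials assigned to key-like names, including the `X-ELS-APIKey` header and `apiKey` query parameter that Elsevier's APIs accept. The sample file, the key value, the `SCOPUS_API_KEY` variable name, the placeholder list and the entropy threshold are constructed assumptions.

```python
import math
import re

# Added example. Names and patterns below are assumptions, not taken from the report.
PATTERNS = [
    # name = "value"  or  "name": "value"
    re.compile(r"""(x-els-apikey|api[_-]?key|secret|token)["']?\s*[:=]\s*["']([\w\-]{20,})["']""", re.I),
    # ...&apiKey=value embedded in a URL string
    re.compile(r"[?&](api[_-]?key)=([\w\-]{20,})", re.I),
]
PLACEHOLDERS = ("your", "example", "changeme", "placeholder", "xxxx")


def shannon_entropy(value):
    """Bits per character; random hex keys score close to 4, filler text much lower."""
    return -sum(
        (n / len(value)) * math.log2(n / len(value))
        for n in (value.count(c) for c in set(value))
    )


def find_hardcoded_keys(source, min_entropy=3.0):
    """Return (line number, matched name, redacted value) for each literal credential."""
    findings = []
    for lineno, line in enumerate(source.splitlines(), start=1):
        for pattern in PATTERNS:
            for match in pattern.finditer(line):
                name, value = match.group(1), match.group(2)
                if any(p in value.lower() for p in PLACEHOLDERS):
                    continue  # documentation stub, not a secret
                if shannon_entropy(value) < min_entropy:
                    continue  # repeated filler such as "aaaa..."
                findings.append((lineno, name, value[:4] + "..."))
    return findings


# Constructed sample file; the key value is made up for this example.
SAMPLE = '''\
import os
API_KEY = "3f9a1c07e2b84d6590ab7c1d2e3f4a5b"
headers = {"X-ELS-APIKey": API_KEY}
url = "https://example.invalid/search?query=ocean&apiKey=3f9a1c07e2b84d6590ab7c1d2e3f4a5b"
config = {"apiKey": "your_api_key_goes_here_0000"}
API_KEY = os.environ["SCOPUS_API_KEY"]
'''

if __name__ == "__main__":
    for finding in find_hardcoded_keys(SAMPLE):
        print(finding)
```

Only the literal assignment and the key embedded in the URL are reported; the header that references the variable, the documentation placeholder and the environment lookup are not, and findings carry a redacted value so the scanner's own output does not repeat the secret.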

Activity Feed

Actor | Details | Timestamp (UTC)
Martin | published | 2025-05-12T18:51:47Z
Uma_Maheshwar_Ayyala | requested | 2025-05-10T10:06:36Z
Brandon | sent a message | 2025-05-05T17:59:27Z
Brandon | sent a message | 2025-05-05T17:58:13Z
Brandon | changed the state to resolved | 2025-05-05T17:57:44Z
Martin | changed the state to unresolved | 2025-04-25T18:19:38Z
viper-bugcrowd | changed the state to triaged | 2025-04-24T17:16:15Z
viper-bugcrowd | changed the severity to | 2025-04-24T17:16:13Z
viper-bugcrowd | sent a message | 2025-04-24T17:16:11Z
Uma_Maheshwar_Ayyala | created the submission | 2025-04-24T12:42:55Z
