BugCrowd Bug Bounty Disclosure: P4 – Public Exposure of PII of NASA Meeting Registrations – chirag8023

September 26, 2025
Public Exposure of PII of NASA Meeting Registrations

Public Exposure of PII of NASA Meeting Registrations

Researcher: chirag8023
Engagement: National Aeronautics and Space Administration (NASA) – Vulnerability Disclosure Program
Disclosed at: 2025-09-25T16:52:13Z
Priority: P4
Status: Resolved

Summary

I discovered that multiple publicly accessible documents on NASA subdomains contained personally identifiable information (PII) of staff, collaborators, and stakeholders (names, emails, phone numbers, addresses). While the files were not hidden, they exposed sensitive contact details. I reported this exposure responsibly through Bugcrowd’s VDP so NASA could take corrective action.

The finding was made using only publicly available archival resources and manual inspection — no intrusive techniques.

Activity Feed

Actor Details Timestamp (UTC)
Martin_NASA Martin_NASA published 2025-09-25T16:52:13Z
chirag8023 chirag8023 requested 2025-09-22T08:53:07Z
Martin_NASA Martin_NASA sent a: message 2025-09-18T14:05:21Z
Mason357_Bugcrowd Mason357_Bugcrowd changed the state to to resolved 2025-09-17T22:44:13Z
Martin_NASA Martin_NASA changed the state to to unresolved 2025-09-12T18:37:24Z
pm_bugcrowd pm_bugcrowd marked the response request as resolved 2025-09-10T21:48:06Z
pm_bugcrowd pm_bugcrowd sent a: message 2025-09-10T21:48:05Z
pm_bugcrowd pm_bugcrowd changed the state to to triaged 2025-09-10T21:47:16Z
pm_bugcrowd pm_bugcrowd sent a: message 2025-09-10T21:47:16Z
pm_bugcrowd pm_bugcrowd changed the severity to 2025-09-10T21:46:33Z
pm_bugcrowd pm_bugcrowd changed the severity to 2025-09-10T21:46:28Z
pm_bugcrowd pm_bugcrowd changed the state to to nue 2025-09-10T21:45:35Z
chirag8023 chirag8023 submitted a response request from 2025-09-09T05:28:36Z
teapot_bugcrowd teapot_bugcrowd sent a: message 2025-09-08T14:08:32Z
teapot_bugcrowd teapot_bugcrowd changed the state to to not_applicable 2025-09-08T14:08:31Z
chirag8023 chirag8023 created the submission 2025-09-08T03:30:09Z

A considerable amount of time and effort goes into maintaining this website, creating backend automation and creating new features and content for you to make actionable intelligence decisions. Everyone that supports the site helps enable new functionality.

If you like the site, please support us on “Patreon” or “Buy Me A Coffee” using the buttons below

Buy Me A Coffee
Patreon

To keep up to date follow us on the below channels.

Tags: , ,

You may have missed

Bugcrowd Logo

BugCrowd Bug Bounty Disclosure: P4 – Public Exposure of PII of NASA Meeting Registrations – chirag8023

September 26, 2025
image

CVE Alert: CVE-2025-20333 – Cisco – Cisco Adaptive Security Appliance (ASA) Software

September 25, 2025
image

CVE Alert: CVE-2025-20362 – Cisco – Cisco Adaptive Security Appliance (ASA) Software

September 25, 2025
image

CVE Alert: CVE-2025-20334 – Cisco – Cisco IOS XE Software

September 25, 2025
hkcert

Cisco Products Multiple Vulnerabilities

September 25, 2025