BugCrowd Bug Bounty Disclosure: P4 – Sensitive NASA Jira & Employee Data Exposure via Public JSFiddle –

October 16, 2025
Sensitive NASA Jira & Employee Data Exposure via Public JSFiddle

Sensitive NASA Jira & Employee Data Exposure via Public JSFiddle

Researcher:
Engagement: National Aeronautics and Space Administration (NASA) – Vulnerability Disclosure Program
Disclosed at: 2025-09-25T16:54:38Z
Priority: P4
Status: Resolved

Summary

NASA’s Internal JIRA System Data was inadvertently published on JSFiddle, exposing complete Project Management Records, Employee PII, and Mission Configuration Data. The Publicly accessible Data posed Security risks to NASA Personnel and Operations.

Activity Feed

Actor Details Timestamp (UTC)
Martin_NASA Martin_NASA sent a: message 2025-09-25T16:56:00Z
Martin_NASA Martin_NASA published 2025-09-25T16:54:38Z
dev_ali dev_ali requested 2025-09-22T19:55:02Z
dev_ali dev_ali sent a: message 2025-09-19T07:37:27Z
dev_ali dev_ali sent a: message 2025-09-18T14:39:59Z
Martin_NASA Martin_NASA sent a: message 2025-09-18T14:11:15Z
Mason357_Bugcrowd Mason357_Bugcrowd changed the state to to resolved 2025-09-17T22:40:07Z
Martin_NASA Martin_NASA changed the state to to unresolved 2025-08-29T14:41:03Z
dev_ali dev_ali sent a: message 2025-08-22T18:37:44Z
Mason357_Bugcrowd Mason357_Bugcrowd sent a: message 2025-08-22T16:28:18Z
Mason357_Bugcrowd Mason357_Bugcrowd changed the state to to triaged 2025-08-22T16:28:11Z
Mason357_Bugcrowd Mason357_Bugcrowd changed the severity to 2025-08-22T16:28:09Z
dev_ali dev_ali created the submission 2025-08-21T19:04:40Z

Support Our Work

A considerable amount of time and effort goes into maintaining this website, creating backend automation and creating new features and content for you to make actionable intelligence decisions. Everyone that supports the site helps enable new functionality.

If you like the site, please support us on Patreon or Buy Me A Coffee using the buttons below.

AI APIs OSINT driven New features
Buy Me A Coffee Patreon
Tags: , ,

You may have missed

Bugcrowd Logo

BugCrowd Bug Bounty Disclosure: P4 – Sensitive NASA Jira & Employee Data Exposure via Public JSFiddle –

October 16, 2025
Bugcrowd Logo

BugCrowd Bug Bounty Disclosure: P4 – Publicly editable Google Slides linked from nasa.gov enables unauthorized content modification (content integrity & brand abuse risk – Epenetus-Matias-Putra

October 16, 2025
Bugcrowd Logo

BugCrowd Bug Bounty Disclosure: P4 – open redirect vulnerability occurring at https://keycloak.shared-services.staging.appdat.jsc.nasa.gov/ – uko3211

October 16, 2025
Bugcrowd Logo

BugCrowd Bug Bounty Disclosure: P5 – internal IP Disclosure via Public DNS Record (blue.guest.hq.nasa.gov) – Theekshana_kusal

October 16, 2025
Bugcrowd Logo

BugCrowd Bug Bounty Disclosure: P5 – Directory Listing Vulnerability – Vinit06

October 16, 2025