BugCrowd Bug Bounty Disclosure: P4 – Unauthorised Access to GoAccess Logs on https://mwsci.jpl.nasa.gov – green_hats

November 1, 2025
Unauthorised Access to GoAccess Logs on https://mwsci.jpl.nasa.gov

Unauthorised Access to GoAccess Logs on https://mwsci.jpl.nasa.gov

Researcher: green_hats
Engagement: National Aeronautics and Space Administration (NASA) – Vulnerability Disclosure Program
Disclosed at: 2025-10-31T18:09:13Z
Priority: P4
Status: Resolved

Summary

GoAccess logs were publicly accessible on the server, allowing anyone to view the IP addresses, origin country and endpoints of users. It also provided detailed server metric breakdowns.

Activity Feed

Actor Details Timestamp (UTC)
Martin_NASA Martin_NASA published 2025-10-31T18:09:13Z
green_hats green_hats requested 2025-10-31T03:46:11Z
Spruiell_NASA Spruiell_NASA sent a: message 2025-10-22T14:44:46Z
Spruiell_NASA Spruiell_NASA changed the state to to resolved 2025-10-22T14:42:25Z
Martin_NASA Martin_NASA changed the state to to unresolved 2025-10-08T19:52:16Z
hexghost_bugcrowd hexghost_bugcrowd changed the state to to triaged 2025-09-30T11:18:51Z
hexghost_bugcrowd hexghost_bugcrowd sent a: message 2025-09-30T11:18:51Z
hexghost_bugcrowd hexghost_bugcrowd updated 2025-09-30T11:17:26Z
green_hats green_hats created the submission 2025-09-29T16:59:33Z

Support Our Work

A considerable amount of time and effort goes into maintaining this website, creating backend automation and creating new features and content for you to make actionable intelligence decisions. Everyone that supports the site helps enable new functionality.

If you like the site, please support us on Patreon or Buy Me A Coffee using the buttons below.

AI APIs OSINT driven New features
Buy Me A Coffee Patreon
Tags: , ,

You may have missed

Bugcrowd Logo

BugCrowd Bug Bounty Disclosure: P3 – Public Exposure of NASA FTP Credentials in CORAL Document (PDF Hosted on Google Docs) – sanrock

November 1, 2025
Bugcrowd Logo

BugCrowd Bug Bounty Disclosure: P4 – Unauthorised Access to GoAccess Logs on https://mwsci.jpl.nasa.gov – green_hats

November 1, 2025
Bugcrowd Logo

BugCrowd Bug Bounty Disclosure: P2 – Exposed Emails and Names on https://mttc.jpl.nasa.gov/api/retrieve-certs.php – green_hats

November 1, 2025
Bugcrowd Logo

BugCrowd Bug Bounty Disclosure: P3 – Reflected XSS in Multiple Endpoints on GSFC Subdomain – Rahul-Hoysala

November 1, 2025
covenant

CovenantC2 Detected – 154[.]44[.]10[.]42:7443

November 1, 2025