BugCrowd Bug Bounty Disclosure: P5 – Cross site scripting – XSS – maxmuxammil
Cross site scripting - XSS Cross site scripting - XSS Researcher: maxmuxammil Engagement: National Aeronautics and Space Administration (NASA) -...
BugCrowd
BugCrowd Bug Bounty Disclosure: P5 – Session ID Disclosure via Referer Header to Third-Party Domains (nspires.nasaprs.com) – madhu873
Session ID Disclosure via Referer Header to Third-Party Domains (nspires.nasaprs.com) Session ID Disclosure via Referer Header to Third-Party Domains (nspires.nasaprs.com)...
BugCrowd Bug Bounty Disclosure: P4 – Unauthorised Access to GoAccess Logs on https://mwsci.jpl.nasa.gov – green_hats
Unauthorised Access to GoAccess Logs on https://mwsci.jpl.nasa.gov Unauthorised Access to GoAccess Logs on https://mwsci.jpl.nasa.gov Researcher: green_hats Engagement: National Aeronautics and...
BugCrowd Bug Bounty Disclosure: P3 – Public Exposure of NASA FTP Credentials in CORAL Document (PDF Hosted on Google Docs) – sanrock
Public Exposure of NASA FTP Credentials in CORAL Document (PDF Hosted on Google Docs) Public Exposure of NASA FTP Credentials...
BugCrowd Bug Bounty Disclosure: P3 – Reflected XSS in Multiple Endpoints on GSFC Subdomain – Rahul-Hoysala
Reflected XSS in Multiple Endpoints on GSFC Subdomain Reflected XSS in Multiple Endpoints on GSFC Subdomain Researcher: Rahul-Hoysala Engagement: National...
BugCrowd Bug Bounty Disclosure: P2 – Exposed Emails and Names on https://mttc.jpl.nasa.gov/api/retrieve-certs.php – green_hats
Exposed Emails and Names on https://mttc.jpl.nasa.gov/api/retrieve-certs.php Exposed Emails and Names on https://mttc.jpl.nasa.gov/api/retrieve-certs.php Researcher: green_hats Engagement: National Aeronautics and Space Administration...
BugCrowd Bug Bounty Disclosure: P5 – Source Code Disclosure – oversudo
Source Code Disclosure Source Code Disclosure Researcher: oversudo Engagement: National Aeronautics and Space Administration (NASA) - Vulnerability Disclosure Program Disclosed...
BugCrowd Bug Bounty Disclosure: P3 – Reflected XSS in `type` parameter on nlsp.nasa.gov – Marcel_Malaeb
Reflected XSS in `type` parameter on nlsp.nasa.gov Reflected XSS in `type` parameter on nlsp.nasa.gov Researcher: Marcel_Malaeb Engagement: National Aeronautics and...
BugCrowd Bug Bounty Disclosure: P5 – internal IP Disclosure via Public DNS Record (blue.guest.hq.nasa.gov) – Theekshana_kusal
internal IP Disclosure via Public DNS Record (blue.guest.hq.nasa.gov) internal IP Disclosure via Public DNS Record (blue.guest.hq.nasa.gov) Researcher: Theekshana_kusal Engagement: National...
BugCrowd Bug Bounty Disclosure: P4 – open redirect vulnerability occurring at https://keycloak.shared-services.staging.appdat.jsc.nasa.gov/ – uko3211
open redirect vulnerability occurring at https://keycloak.shared-services.staging.appdat.jsc.nasa.gov/ open redirect vulnerability occurring at https://keycloak.shared-services.staging.appdat.jsc.nasa.gov/ Researcher: uko3211 Engagement: National Aeronautics and Space Administration...
BugCrowd Bug Bounty Disclosure: P4 – Publicly editable Google Slides linked from nasa.gov enables unauthorized content modification (content integrity & brand abuse risk – Epenetus-Matias-Putra
Publicly editable Google Slides linked from nasa.gov enables unauthorized content modification (content integrity & brand abuse risk Publicly editable Google...
BugCrowd Bug Bounty Disclosure: P4 – Sensitive NASA Jira & Employee Data Exposure via Public JSFiddle –
Sensitive NASA Jira & Employee Data Exposure via Public JSFiddle Sensitive NASA Jira & Employee Data Exposure via Public JSFiddle...
BugCrowd Bug Bounty Disclosure: P5 – Directory Listing Vulnerability – Vinit06
Directory Listing Vulnerability Directory Listing Vulnerability Researcher: Vinit06 Engagement: National Aeronautics and Space Administration (NASA) - Vulnerability Disclosure Program Disclosed...
BugCrowd Bug Bounty Disclosure: P4 – Public Exposure of PII of NASA Meeting Registrations – chirag8023
Public Exposure of PII of NASA Meeting Registrations Public Exposure of PII of NASA Meeting Registrations Researcher: chirag8023 Engagement: National...
BugCrowd Bug Bounty Disclosure: P4 – Members can enumerate and delete organization invites –
Members can enumerate and delete organization invites Members can enumerate and delete organization invites Researcher: Engagement: PostHog Vulnerability Disclosure Engagement...
BugCrowd Bug Bounty Disclosure: P3 – Details of the collaboration between NASA and Inmarsat Government and the type of contract –
Details of the collaboration between NASA and Inmarsat Government and the type of contract Details of the collaboration between NASA...
BugCrowd Bug Bounty Disclosure: P3 – Publicly Editable Google Docs Linked from NASA SnowEx PPT –
Publicly Editable Google Docs Linked from NASA SnowEx PPT Publicly Editable Google Docs Linked from NASA SnowEx PPT Researcher: Engagement:...
BugCrowd Bug Bounty Disclosure: P5 – Reflected Cross-Site Scripting (XSS) on www.nasa.gov/search/search.jsp – madhu873
Reflected Cross-Site Scripting (XSS) on www.nasa.gov/search/search.jsp Reflected Cross-Site Scripting (XSS) on www.nasa.gov/search/search.jsp Researcher: madhu873 Engagement: National Aeronautics and Space Administration...
BugCrowd Bug Bounty Disclosure: P5 – NASA Terminal Facility Guidelines for Unauthorized Disclosure of Personal Information (PII) –
NASA Terminal Facility Guidelines for Unauthorized Disclosure of Personal Information (PII) NASA Terminal Facility Guidelines for Unauthorized Disclosure of Personal...
BugCrowd Bug Bounty Disclosure: P3 – Publicly Accessible .env File Exposing Hardcoded Credentials on NASA’s Git Repository – _x3ro_
Publicly Accessible .env File Exposing Hardcoded Credentials on NASA’s Git Repository Publicly Accessible .env File Exposing Hardcoded Credentials on NASA’s...
BugCrowd Bug Bounty Disclosure: P3 – Leak of usernames from a private website –
Leak of usernames from a private website Leak of usernames from a private website Researcher: Engagement: National Aeronautics and Space...
BugCrowd Bug Bounty Disclosure: P3 – Unauthorized Disclosure of PII via Internal NASA Doc Vulnerability – Black_charon
Unauthorized Disclosure of PII via Internal NASA Doc Vulnerability Unauthorized Disclosure of PII via Internal NASA Doc Vulnerability Researcher: Black_charon...
BugCrowd Bug Bounty Disclosure: P5 – Unauthenticated metadata disclosure of protected NASA flight reports and mission schedules via /ajax/activity – madhu873
Unauthenticated metadata disclosure of protected NASA flight reports and mission schedules via /ajax/activity Unauthenticated metadata disclosure of protected NASA flight...
BugCrowd Bug Bounty Disclosure: P3 – Critical Identity and Communication Data Exposed in Unprotected NASA Hangar Demolition Doc Vulnerability – Black_charon
Critical Identity and Communication Data Exposed in Unprotected NASA Hangar Demolition Doc Vulnerability Critical Identity and Communication Data Exposed in...
