Newrelic


Most disclosed vulnerability type (28 disclosures) — Privilege Escalation

jon_bottarini has disclosed the most with 41 reports!

184 total issues disclosed

$113,669 total paid publicly


Accepts reports via HackerOne

Newrelic's top public payouts




Most recently disclosed


Rating: None


Ability to view monitor names of other NR accounts through internal API (v3) via "monitor_id" parameter

Submitted by jon_bottarini
Bug Type: Insecure Direct Object Reference (IDOR)

Disclosed on 2020-09-04

Rating: High


IDOR via internal_api "users" endpoint

Submitted by jon_bottarini
Bug Type: Insecure Direct Object Reference (IDOR)

Disclosed on 2020-09-04

Rating: Medium


[NR Insights] IDOR - Modify the filter settings for any NR Insights dashboard through internal_api endpoint

Submitted by jon_bottarini
Bug Type: Insecure Direct Object Reference (IDOR)

Disclosed on 2020-09-04

Rating: High


[NR Synthetics] (IDOR) Ability to see full name associated with other New Relic accounts through workaround of #255894

Submitted by jon_bottarini
Bug Type: Insecure Direct Object Reference (IDOR)

Disclosed on 2020-09-04

Rating: Medium


Rating: Medium


Rating: Medium


[NR Alerts/Synthetics] IDOR through /policies.json with Synthetics exposes full name of other NR users

Submitted by jon_bottarini
Bug Type: Insecure Direct Object Reference (IDOR)

Disclosed on 2020-09-04

Rating: Medium


Rating: Medium


Rating: Medium


Restricted user can bypass permissions restriction to create NR Alert policies

Submitted by jon_bottarini
Bug Type: Privilege Escalation

Disclosed on 2020-09-04

Rating: Medium


User is able to access and create private synthetics locations without upgrading (regression of #276157)

Submitted by jon_bottarini
Bug Type: Client-Side Enforcement of Server-Side Security

Disclosed on 2020-09-04

Rating: Low


Rating: Medium


Rating: Medium


Logic flaw enables restricted account to access account license key

Submitted by jon_bottarini
Bug Type: Privilege Escalation

Disclosed on 2020-09-04

Rating: Medium