New Relic: CRLF Injection in email address

ID H1:796013
Type hackerone
Reporter ashmek
Modified 2020-03-03T13:09:31


The researcher discovered an issue where control characters can be used when intercepting a request to update an email address. This would result in an inaccessible account without intervention by our Support team. As denial-of-service is out of scope for our program, and since it is scoped to a specific and authenticated user, we closed this as N/A.