2 matches found
New Relic: Stored admin-to-owner XSS at infrastructure alerts runbook URL leading to account takeover by malicious admin
Hey team, I have discovered a stored XSS vulnerability at the infrastructure alerts runbook URL. There is a filter that does not allow this URL to use the javascript: scheme, but I have found a way to bypass it. Alerts can't be created/modified by users with a role lower than "admin", so I will show you...
New Relic: User to Admin privilege escalation in Infrastructure Conditions - /v2/accounts/1835740/alerts/conditions
Details: The endpoints POST /v2/accounts/:accountid/alerts/conditions (create new) and PUT /v2/accounts/:accountid/alerts/conditions/:conditionid (update existing) on infrastructure-alert.service.newrelic.com are vulnerable to privilege escalation. As per the screenshot below, an account with regular...