Lucene search
+L

5 matches found

Hacker One
Hacker One
added 2020/02/02 9:50 p.m.21 views

New Relic: Ability to run monitors' jobs of other accounts and to read these jobs content (including the secure credentials values)

@skavans identified an endpoint for testing Synthetics monitors. Without proper validation, this could allow monitors from other accounts to run on your account with knowledge of the monitor's ID: POST /accounts//monitors/monitor/recheck.json?monitorId= HTTP/1.1 Host: synthetics.newrelic.com...

3.9AI score
Exploits0
Hacker One
Hacker One
added 2019/08/23 9:47 p.m.15 views

New Relic: User can run monitors at private locations, which he has no access to

@skavans discovered that insufficient validation was performed when configuring Synthetics monitors allowing deployment to arbitrary private locations with knowledge of the location ID: POST /accounts//validation.json HTTP/1.1 Host: synthetics.newrelic.com...

2AI score
Exploits0
Hacker One
Hacker One
added 2018/07/26 7:51 p.m.14 views

New Relic: NRQL Query allows restricted user to pull all data from Synthetics monitors without having read permissions enabled

@jonbottarini identified an issue where our permissions for Synthetics didn't match the permissions elsewhere in our product. This eventually led to a change in our underlying permissions code to unify our products and prevent issues like this...

3.6AI score
Exploits0
Hacker One
Hacker One
added 2018/02/28 8:16 a.m.18 views

New Relic: [NR Synthetics] Restricted user can view synthetics monitors and user permissions through .json endpoint at /permissions/securablemetadata/{GROUP ID}

This report is two reports in one, but I figured why create two reports when the root cause is essentially the same exact endpoint. Description When a restricted user with no permissions to view synthetics monitors tries to navigate to the permissions settings within Synthetics...

0.1AI score
Exploits0
Hacker One
Hacker One
added 2017/01/11 1:35 a.m.21 views

New Relic: Restricted User is able to edit Alert Conditions of Synthetics Monitors even if Synthetics Permissions is enabled by an admin

In this vulnerability, a restricted user is able to edit the alert conditions of a synthetics monitor, even if he is unauthorized to do so. Steps to reproduce: - Admin user invites User1 to New Relic account as a restricted user - User1 accepts invitation, joins the account - Admin goes to...

6.9AI score
Exploits0
Rows per page
Query Builder