Summary by National Aeronautics and Space Administration (NASA) - Vulnerability Disclosure Program
We have determined based on the information provided by the stakeholder that this is expected functionality.
Information Disclosure - NAIS Center Super User List
Disclosed by asjadbutt- Engagement National Aeronautics and Space Administration (NASA) - Vulnerability Disclosure Program
- Disclosed date 9 months ago
- Priority P5 Bugcrowd's VRT priority rating
- Status Informational This vulnerability is seen as an accepted business risk
Summary by asjadbutt
A vulnerability was discovered on a NASA web endpoint, specifically within the cgi-bin directory. This endpoint is publicly accessible and returns a "NAIS Center Super User List" containing sensitive public information.