SpaceX debug page accessible when using Starlink - CrowdStream

Summary by SpaceX/Starlink

While standing up new ground infrastructure, we exposed unauthenticated services externally. We appreciate this report that helped us quickly identify and remediate this in a responsible way.

Summary by JP_Bennett

Internal IPs discovered via a simple Traceroute had exposed ports when visiting from a Starlink ISP connection. What looked like an information disclosure only, was soon confirmed to be more serious due to an exposed GRPC endpoint that was unauthenticated.

Activity

tim Customer sent a message
3 years ago(16 Dec 2021 05:01:03 UTC)
JP_Bennett sent a message
3 years ago(16 Dec 2021 02:35:01 UTC)
tim Customer sent a message
3 years ago(16 Dec 2021 00:43:48 UTC)
tim Customer published the disclosure report
3 years ago(16 Dec 2021 00:40:35 UTC)
JP_Bennett sent a message
3 years ago(15 Dec 2021 22:52:31 UTC)
tim Customer sent a message
3 years ago(15 Dec 2021 22:47:47 UTC)
JP_Bennett sent a message
3 years ago(15 Dec 2021 22:23:59 UTC)
JP_Bennett requested disclosure
3 years ago(13 Dec 2021 23:25:58 UTC)
tim Customer changed the state to Resolved
3 years ago(13 Dec 2021 22:05:20 UTC)
tim Customer rewarded JP_Bennett 20 points
3 years ago(13 Dec 2021 22:05:20 UTC)
tim Customer rewarded JP_Bennett $4,800
3 years ago(13 Dec 2021 22:05:16 UTC)
tim Customer sent a message
3 years ago(13 Dec 2021 22:05:00 UTC)
tim Customer changed the severity to P2
3 years ago(13 Dec 2021 22:04:10 UTC)
viper-bugcrowd changed the state to Triaged
3 years ago(09 Dec 2021 11:46:18 UTC)
viper-bugcrowd changed the severity to P4
3 years ago(09 Dec 2021 11:46:15 UTC)
JP_Bennett sent a message
3 years ago(08 Dec 2021 19:56:15 UTC)
jbaizer Customer sent a message
3 years ago(08 Dec 2021 19:46:48 UTC)
JP_Bennett created the submission
3 years ago(08 Dec 2021 07:52:00 UTC)