Summary by National Aeronautics and Space Administration (NASA) - Vulnerability Disclosure Program
File has been removed from the media library.
NASA Terminal Facility Guidelines for Unauthorized Disclosure of Personal Information (PII)
Disclosed by FengSY- Engagement National Aeronautics and Space Administration (NASA) - Vulnerability Disclosure Program
- Disclosed date 4 months ago
- Priority P5 Bugcrowd's VRT priority rating
- Status Informational This vulnerability is seen as an accepted business risk
Summary by FengSY
This situation increases risk of:
- Spear-phishing using exact internal contact details.
- Social engineering that bypasses authentication by referencing real names/phone numbers.
- Potential pretexting attacks on security, transport or logistics staff.
Recommendation:
- Review directory access controls for /uploads and ensure sensitive docs are not publicly downloadable unless explicitly approved.
- Remove or redact unauthorized content from this specific file.