At Telenor we recognize the important role that security researchers play in helping to keep Telenor Sverige AB and our customers secure.
By participating in this program you acknowledge that you have read and agreed to these Program Rules.
We aim to test most of our assets through this program.
Nevertheless, we ask you to read carefully the list of exclusions (Out-of-Scope) before starting; some domains are related to Telenor's customers, these should not be tested and will not be eligible for a reward anyway.
We are happy to thank everyone who submits valid reports which help us improve the security of Telenor Sverige AB, however, only those that meet the following eligibility requirements may receive a monetary reward:
For all submissions, please include:
Full description of the vulnerability being reported, including the exploitability and impact
Evidence and explanation of all steps required to reproduce the submission, which may include:
Report details must include :
Allowed Actions:
Prohibited Actions:
Unless you can demonstrate a specific situation where an XSS becomes a "HIGH" or "CRITICAL" finding, it is likely an XSS vulnerability will score as "MEDIUM".
In this case, and if you want your report to be rewarded as a ‘High’ or ‘Critical’ finding, please provide a realistic, proven and step by step detailed scenario of exploitability, including elements that could be modified through this exploit, or actions that could be undertaken on behalf of targeted user.
For example : XHR request to modify account information and could lead to an account take over.
There is also a certain chance, that similar XSS exploits on different endpoints or parameters are caused by the same underlying input validation weakness. If that is the case, we reserve the right to honor only a single report and to reject the other ones as ‘Duplicate’/’Informative’.
In the event (i) you breach any of these Program Rules or the terms and conditions of YesWeHack platform; or (ii) Telenor determines, in its sole discretion that your continued participation in the Bug Bounty Program could adversely impact Telenor (including, but not limited to, presenting any threat to Telenor’s systems, security, finances and/or reputation) Telenor may immediately terminate your participation in this Bug Bounty Program.
Any information you receive or collect about Telenor or any Telenor user through this Bug Bounty Program (“Confidential Information”) must be kept confidential and only used in connection with the program. You may not use, disclose or distribute any such Confidential Information, including, but not limited to, any information regarding your Submission and information you obtain when researching the Telenor sites, without Telenor’s prior written consent.
The Bug Bounty Program, including its policies, is subject to change or cancellation by Telenor at any time, without notice. As such, Telenor may amend these Program Rules at any time by posting a revised version on YesWeHack platform. By continuing to participate in the Program after Telenor posts any such changes, you accept the Program Terms, as modified.
Scope Type | Scope Name |
---|---|
web_application | *.telenor.se |
web_application | *.bredbandsbolaget.se |
web_application | *.europolitan.se |
web_application | *.ownit.se |
web_application | *.vimla.se |
web_application | *.vimla.work |
web_application | *.vimla.io |
Scope Type | Scope Name |
---|---|
undefined | Any domain that looks like it's owned by a third party or customer due customer's privacy |
undefined | Mobile services and devices provided by Telenor Sweden and subsidiaries not reachable from Internet |
undefined | Connect ID - Hosted by Telenor Group |
web_application | *.bbcust.telenor.se |
web_application | *.cust.telenor.se |
web_application | *.sme.telenor.se |
web_application | *.cust.bredbandsbolaget.se |
web_application | *.customers.ownit.se |
web_application | *.cust.ownit.se |
web_application | Other business units of the Telenor Group - including *.telenor.com |
web_application | stage-vimla-se.vimla.io |
Firebounty have crawled on 2021-03-29 the program Telenor Sweden Public Bug Bounty Program on the platform Yeswehack.
FireBounty © 2015-2024