Zola recognizes the importance of security, privacy, and community. We value the input of the security community and welcome the opportunity to collaborate with community members to maintain a high standard for our users and to create a more secure Internet.
We take security issues seriously. If you believe you've identified a vulnerability within our products, we would like to know about it. We'll investigate all submissions and do our best to fix issues. Thank you for taking an interest in making the Internet safer!
For the initial prioritization/rating of findings, this program will use the Bugcrowd Vulnerability Rating Taxonomy. However, it is important to note that in some cases a vulnerability priority will be modified, in Zola’s sole but reasonable discretion, due to its likelihood or impact. In any instance where an issue is downgraded, a full, detailed explanation will be provided to the researcher, along with the opportunity to appeal and make a case for a higher priority.
Certain vulnerabilities may exist on multiple endpoints within the same entity and may be considered duplicates of each other. It is still recommended that you report them, as the team will investigate to see if they are unique. However, please note that subsequent submissions may be marked as Not Applicable to prevent points farming. An example would be create/read/update/delete endpoints for the same entity with an IDOR vulnerability.
This program follows Bugcrowd’s standard disclosure terms.
For any testing issues (such as broken credentials, inaccessible application, or Bugcrowd Ninja email problems), please email email@example.com. We will address your issue as soon as possible.
|Scope Type||Scope Name|
Zola Android App
Zola iOS App
This program was found on Bugcrowd on 2021-09-28.