2022-02-02
Databricks

THIS PROGRAM DOESN'T REQUIRE H1 VPN

Databricks looks forward to working with the security community to find security vulnerabilities in order to keep our businesses and customers safe.

SLA

Databricks will make a best effort to meet the following SLAs for hackers participating in our program:

  • Time to first response (from report submit) - 5 business days

  • Time to triage (from report submit) - 10 business days

  • Time to bounty (from triage) - 10 business days

Disclosure Policy

Program Rules

  • Please provide detailed reports with reproducible steps. If the report is not detailed enough to reproduce the issue, the issue will not be eligible for a reward.

  • Submit one vulnerability per report, unless you need to chain vulnerabilities to provide impact.

  • When duplicates occur, we only award the first report that was received (provided that it can be fully reproduced).

  • Multiple vulnerabilities caused by one underlying issue will be awarded one bounty.

  • Performing social engineering (e.g. phishing, vishing, smishing) is prohibited. However, finding technical flaws that can be used for social engineering (e.g. spoofing, tampering) is allowed.

  • Make a good faith effort to avoid privacy violations, destruction of data, and interruption or degradation of our service.

  • Only interact with accounts you own or with explicit permission of the account holder.

  • All reports must be rated using the CVSS v3.0 calculator.

Priority Vulnerability Reward

Every valid finding submitted to the program is welcome and rewarded. To focus attention on the areas we consider most critical for our customers, this program pays an additional 25% bounty on the following categories of vulnerabilities in our main testing site (extended program assets are not included):

  • Privilege Escalation

  • Insecure Direct Object Reference (IDOR)

  • Improper Access Control

In addition, a $3000 reward is guaranteed to the person able to break out of our current cluster container (LXC) and execute privileged commands in adjacent LXC containers or on the host OS.

Databricks Credentials

  • Please fill out the form above to be provided with testing credentials.

Documentation

  • For information on using Databricks, please visit https://docs.databricks.com/.

IMPORTANT - PLEASE READ

  • Databricks is a remote code execution environment, so most instances of RCE are considered part of the product and not vulnerabilities. Please do not report remote code execution unless you believe it is either unintended or violates the security guarantees of the platform.

  • Notebooks execute as root and all cluster access is root - this is expected. There are no security boundaries within a cluster.

  • Please be aware that the Databricks product allows launching Spark clusters on Azure, and these clusters cost us money to run. Please be mindful of this and do not create excessive clusters.

  • Please follow the cluster configuration shown in attachment {F254952} when creating new clusters.

Out of scope vulnerabilities

When reporting vulnerabilities, please consider (1) attack scenario / exploitability, and (2) security impact of the bug. The following issues are considered out of scope:

  • Known vulnerabilities in other third-party/open source libraries will be eligible for a bounty if a working exploit is provided. Reports of libraries that need to be patched will still be accepted, but not rewarded with a bounty unless an exploit is provided.

  • Running your own web server on the cluster to create exploits - we are aware of this.

  • Installing malicious software on services on clusters.

  • Clickjacking on pages with no sensitive actions.

  • Unauthenticated/logout/login CSRF.

  • Attacks requiring MITM or physical access to a user's device.

  • Previously known vulnerable libraries without a working Proof of Concept.

  • Comma Separated Values (CSV) injection without demonstrating a vulnerability.

  • Missing best practices in SSL/TLS configuration.

  • Any activity that could lead to the disruption of our service (DoS or DDoS).

  • Content spoofing and text injection issues without showing an attack vector/without being able to modify HTML/CSS.

  • Azure Portal

Thank you for helping keep Databricks and our users safe!

Databricks extended bounty program:

===========================

Databricks is expanding the H1 program not only to our core application but to a number of services.

Any disruption testing is forbidden. These are production hosts.

  • Known vulnerabilities in other third-party/open source libraries will be eligible for a bounty if a PoC exploit is provided. Reports of libraries that need to be patched will still be accepted, but not rewarded with a bounty unless an exploit is provided.

In scope for extended assets:

  • Network scanning

  • Passive scanning

  • DNS scanning

The following is out of scope for extended assets:

  • Active vulnerability finding (i.e. creating fake accounts, sending requests that could change the internal state of a service, etc.)

  • Clickjacking on pages with no sensitive actions.

  • Unauthenticated/logout/login CSRF.

  • Attacks requiring MITM or physical access to a user's device.

  • Previously known vulnerable libraries without a working Proof of Concept.

  • Any activity that could lead to the disruption of our service (DoS or DDoS).

  • Content spoofing and text injection issues without showing an attack vector/without being able to modify HTML/CSS.

  • Azure Portal

Main test site:

  • dbc-a1ba5468-749b.staging.cloud.databricks.com

Extended assets list:

  • connect.databricks.com

  • docs-admin.databricks.com

  • docs-user.databricks.com

  • e.databricks.com

  • go.databricks.com

  • go.dev.databricks.com

  • homebrew-tap.dev.databricks.com

  • ideas.staging.databricks.com

  • info.databricks.com

  • it.corp.databricks.com

  • ok.databricks.com

  • pages.databricks.com

  • partnermarketing.databricks.com

  • signup.cloud.mrkt.databricks.com

  • signup.dev.mrkt.databricks.com

  • ssh.databricks.com

  • ssh.spark-summit.org

  • staging.spark-summit.org

  • tools.sec-sf.databricks.com

  • training.databricks.com

  • uberlyft-ns.dev.databricks.com

  • waf-test.corp.databricks.com

  • academy.databricks.com

  • accounts.cloud.databricks.com

  • community.cloud.databricks.com

  • databricks-prod-cloudfront.cloud.databricks.com

  • delta.io

  • demo.cloud.databricks.com

  • docs.cloud.databricks.com

  • docs.databricks.com

  • docs.delta.io

  • files.training.databricks.com

  • ftp.databricks.com

  • go.corp.databricks.com

  • gw1-ap.corp.databricks.com

  • gw1-eu.corp.databricks.com

  • gw1-us.corp.databricks.com

  • gw2-us.corp.databricks.com

  • help.corp.databricks.com

  • help.databricks.com

  • ideas.databricks.com

  • kb.azuredatabricks.net

  • kb.databricks.com

  • maintenance.databricks.com

  • partners.databricks.com

  • pgg11o.hubspot.databricks.com

  • preferences.databricks.com

  • sophos.corp.databricks.com

  • spark-portal.org

  • spark-summit.com

  • spark-summit.org

  • sparkhub.databricks.com

  • support.databricks.com

  • unsubscribe.corp.databricks.com

  • vpn-us.corp.databricks.com

  • www.databricks.com

  • www.sparkhub.databricks.com

In Scope

Scope Type - Scope Name

  • web_application - databricks.com

  • web_application - https://dbc-a1ba5468-749b.staging.cloud.databricks.com, https://community.cloud.databricks.com/

  • web_application - connect.databricks.com, databricks-staging-cloudfront.staging.cloud.databricks.com, docs-admin.databricks.com, docs-user.databricks.com, e.databricks.com, go.databricks.com, go.dev.databricks.com, homebrew-tap.dev.databricks.com, ideas.staging.databricks.com, info.databricks.com, it.corp.databricks.com, ok.databricks.com, pages.databricks.com, partnermarketing.databricks.com, signup.cloud.mrkt.databricks.com, signup.dev.mrkt.databricks.com, ssh.databricks.com, ssh.spark-summit.org, staging.spark-summit.org, tools.sec-sf.databricks.com, training.databricks.com, uberlyft-ns.dev.databricks.com, waf-test.corp.databricks.com, academy.databricks.com, accounts.cloud.databricks.com, databricks-prod-cloudfront.cloud.databricks.com, delta.io, demo.cloud.databricks.com, docs.cloud.databricks.com, docs.databricks.com, docs.delta.io, files.training.databricks.com, ftp.databricks.com, go.corp.databricks.com, gw1-ap.corp.databricks.com, gw1-eu.corp.databricks.com, gw1-us.corp.databricks.com, gw2-us.corp.databricks.com

  • web_application - help.corp.databricks.com, help.databricks.com, ideas.databricks.com, kb.azuredatabricks.net, kb.databricks.com, maintenance.databricks.com, partners.databricks.com, pgg11o.hubspot.databricks.com, preferences.databricks.com, sophos.corp.databricks.com, spark-portal.org, spark-summit.com, spark-summit.org, sparkhub.databricks.com, support.databricks.com, unsubscribe.corp.databricks.com, vpn-us.corp.databricks.com, www.databricks.com, www.sparkhub.databricks.com

Out of Scope

Scope Type - Scope Name

  • web_application - feedback.databricks.com

  • web_application - go.databricks.com

  • web_application - *.cloud.databricks.com

  • web_application - *.azuredatabricks.net

  • web_application - forums.databricks.com

  • web_application - Other subdomains of *.azuredatabricks.net and other ‘o’ parameters


This program was found on HackerOne on 2022-02-02.

FireBounty © 2015-2024
