2015-05-06
2020-02-27

Reward

50 $ 

Udemy

Introduction

Thank you for taking the time to help make Udemy a better place to spend time. Udemy appreciates your willingness and time taken to find and report exploits. We look forward to your reports.

Ground Rules

  • Do no harm
  • Respect users' privacy
  • Research and disclose in good faith

Disclosure

User privacy is a top concern for Udemy. Only interact with accounts that you own or have explicit permission from the account holder to use. Do not leak, manipulate or destroy any user data. If you uncover user personal data, please take the following actions:

  • Stop investigating
  • Report this immediately to Udemy through the bug bounty program
  • Do not retain, transfer or disclose any of the personal data

When you uncover a reportable vulnerability, disclose it to Udemy as soon as practically possible.

Report Quality

For a report to be considered actionable it must demonstrate an impact to our system. To allow Udemy to best understand the issue presented please include a set of comprehensive steps to reproduce the problem or a proof of concept (PoC). The desired outcome is for Udemy to be able to reproduce the issue so we can fix it.

Please keep in mind the following when submitting reports:

  • Check the scope page before beginning the report.
  • Video-only PoCs will not be considered.
  • A vulnerability must be verifiable and reproducible for Udemy to consider it to be in-scope.
  • To receive a bounty you must be the first person to report it.

Udemy will base bounty payouts on two things: exploitability and impact.

Scope

The scope of the Udemy bug bounty program is the Udemy assets. Primarily, this is served from www.udemy.com. We are primarily interested in exploits that impact our users or their personal data.

In Scope

  • www.udemy.com

Out of Scope

  • Exploits that do not impact our users.
  • Denial of Service exploits.
  • Exploits that require significant social engineering.
  • SMTP, DMARC, etc. email record settings.
  • Video streaming or downloading videos
  • User enumeration based on error messaging of our login or signup endpoint.
  • Restricting access to "Private Courses."
  • All of the following subdomains are NOT in scope: about, affiliates, blog, business, community, copyright, design, fd, government, keeplearning, helpdesk, info, inform, learning, legalteam, mi, mule, people-innovators, press, taxforms, support, translate, teach, research, support, ufbsupport.
  • Fraud reports. These should be reported to TrustAndSafety@udemy.com

In Scope

| Scope Type | Scope Name |
|---|---|
| web_application | www.udemy.com |

Out of Scope

| Scope Type | Scope Name |
|---|---|
| web_application | about.udemy.com |
| web_application | affiliates.udemy.com |
| web_application | blog.udemy.com |
| web_application | business.udemy.com |
| web_application | community.udemy.com |
| web_application | press.udemy.com |
| web_application | teach.udemy.com |
| web_application | learning.udemy.com |
| web_application | research.udemy.com |
| web_application | support.udemy.com |
| web_application | mi.udemy.com |
| web_application | helpdesk.udemy.com |


This program crawled on the 2015-05-06 is sorted as bounty.

FireBounty © 2015-2020
