45466 policies in database
Link to program      
2018-08-17
2021-03-31
Trello logo
Thank
Gift
HOF
Reward

Reward

300 $ 

Trello

Trusted by millions, Trello is a visual collaboration tool that creates a shared perspective on any project. Trello’s boards, lists, and cards enable you to organize and prioritize your personal and work life in a fun, flexible, and rewarding way.

Ratings/Rewards and Bounty Rules:

For the initial prioritization/rating of findings, this program will use the Bugcrowd Vulnerability Rating Taxonomy. However, it is important to note that in some cases a vulnerability priority will be modified due to its likelihood or impact. In any instance where an issue is downgraded, a full, detailed explanation will be provided to the researcher - along with the opportunity to appeal, and make a case for a higher priority.

Note: Atlassian uses CVSS to consistently score security vulnerabilities. Where discrepancies between the VRT and CVSS score exist, Atlassian will defer to the CVSS score to determine the priority.

To qualify for a bounty you must:

  • Report a qualifying vulnerability that is in the scope of our program (also below)
  • Be the first person to report the vulnerability
  • Adhere to our disclosure guidelines (see below)
  • Only test against your own accounts and data
  • Be reasonable with automated scanning methods so as to not degrade services
  • Refrain from disclosing the vulnerability until we've addressed it
  • Communicate with our security team exclusively via Bugcrowd (the security team will be way more impressed by your exploits than our support or social media teams)

Access/Credentials

You are free to make as many accounts as needed to test on Trello - please ensure that you use your @bugcrowdninja.com email address.

Scope and rewards

Program rules

This program follows Bugcrowd’s standard disclosure terms.

For any testing issues (such as broken credentials, inaccessible application, or Bugcrowd Ninja email problems), please email support@bugcrowd.com. We will address your issue as soon as possible.

This program does not offer financial or point-based rewards for P5 — Informational findings. Learn more about Bugcrowd’s VRT.

In Scope

Scope Type Scope Name
android_application

Trello Mobile App for Android

ios_application

Trello Mobile App for iOS

undefined

Trello Desktop Client

undefined

Butler for Trello

undefined

Calendar Power-Up

undefined

Card Aging Power-Up

undefined

List Limits Power-Up

undefined

Voting Power-Up

web_application

trello.com

web_application

api.trello.com

web_application

*.trello.services

Out of Scope

Scope Type Scope Name
web_application

e.trello.com

web_application

help.trello.com

web_application

trello-attachments.s3.amazonaws.com

web_application

First party (made-by-trello) power-ups other than those inscope are excluded from this program but can be reported to http://bugcrowd.com/atlassianapps


This program crawled on the 2018-08-17 is sorted as bounty.

FireBounty © 2015-2024

Legal notices | Privacy policy