/engagements/atlassian
48
In Scope
13
Out of Scope
In-Scope Assets (48)
| Asset | Category | Bounty | Quick Links | |
|---|---|---|---|---|
| Any associated *.atlassian.com or *.atl-paas.net domain that can be exploited DIRECTLY from the *.atlassian.net instance | OTHER | Yes | - | |
| Any other *.atlassian.com or *.atl-paas.net domain that cannot be exploited directly from a *.atlassian.net instance | URL | Yes | - | |
| Forge Platform | OTHER | Yes | - | |
| GraphQL API (bugbounty-test-<bugcrowd-name>.atlassian.net/gateway/api/graphql) | URL | Yes | - | |
| Other - (all other Atlassian targets) | OTHER | Yes | - | |
| https://*.atlastunnel.com | URL | Yes | ||
| https://admin.atlassian.com/ | URL | Yes | ||
| https://admin.atlassian.com/atlassian-guard | URL | Yes | ||
| https://apps.apple.com/us/app/confluence-cloud/id1006971684 | IOS | Yes | - | |
| https://apps.apple.com/us/app/confluence-server/id1288365159 | IOS | Yes | - | |
| https://apps.apple.com/us/app/jira-cloud-by-atlassian/id1006972087 | IOS | Yes | - | |
| https://apps.apple.com/us/app/jira-server/id1405353949 | IOS | Yes | - | |
| https://apps.apple.com/us/app/loom-screen-recorder/id1474480829 | IOS | Yes | - | |
| https://bitbucket.org | URL | Yes | ||
| https://chromewebstore.google.com/detail/loom-%E2%80%93-screen-recorder-sc/liecbddmkiiihnedobmlmillhodjkdmb?hl=en-US&pli=1 | OTHER | Yes | - | |
| https://confluence.atlassian.com/doc/install-atlassian-companion-992678880.html | OTHER | Yes | - | |
| https://id.atlassian.com/login | URL | Yes | ||
| https://marketplace.atlassian.com | URL | Yes | ||
| https://mcp.atlassian.com | OTHER | Yes | - | |
| https://play.google.com/store/apps/details?id=com.atlassian.android.confluence.core&hl=en_US&gl=US | ANDROID | Yes | ||
| https://play.google.com/store/apps/details?id=com.atlassian.android.jira.core&hl=en_US&gl=US | ANDROID | Yes | ||
| https://play.google.com/store/apps/details?id=com.atlassian.confluence.server | ANDROID | Yes | ||
| https://play.google.com/store/apps/details?id=com.atlassian.jira.server&hl=en_US&gl=US | ANDROID | Yes | ||
| https://play.google.com/store/apps/details?id=com.loom.android&hl=en_US&pli=1 | ANDROID | Yes | ||
| https://start.atlassian.com | URL | Yes | ||
| https://support.atlassian.com/rovo/docs/use-rovo-dev-cli/ | OTHER | Yes | - | |
| https://www.atlassian.com/enterprise/data-center/bitbucket | URL | Yes | ||
| https://www.atlassian.com/enterprise/data-center/confluence | OTHER | Yes | - | |
| https://www.atlassian.com/enterprise/data-center/crowd | URL | Yes | ||
| https://www.atlassian.com/enterprise/data-center/jira | URL | Yes | ||
| https://www.atlassian.com/enterprise/data-center/jira/service-management | URL | Yes | ||
| https://www.atlassian.com/software/atlas | URL | Yes | ||
| https://www.atlassian.com/software/bamboo | URL | Yes | ||
| https://www.atlassian.com/software/compass | URL | Yes | ||
| https://www.atlassian.com/software/confluence | URL | Yes | ||
| https://www.atlassian.com/software/confluence/premium | URL | Yes | ||
| https://www.atlassian.com/software/crucible | URL | Yes | ||
| https://www.atlassian.com/software/fisheye | URL | Yes | ||
| https://www.atlassian.com/software/jira | URL | Yes | ||
| https://www.atlassian.com/software/jira/product-discovery | URL | Yes | ||
| https://www.atlassian.com/software/jira/service-management | URL | Yes | ||
| https://www.atlassian.com/software/jira/work-management | URL | Yes | ||
| https://www.atlassian.com/software/rovo | URL | Yes | ||
| https://www.atlassian.com/software/rovo-dev | URL | Yes | ||
| https://www.loom.com/ | URL | Yes | ||
| https://www.loom.com/download | URL | Yes | ||
| https://www.npmjs.com/package/@forge/cli | OTHER | Yes | - | |
| https://www.sourcetreeapp.com/ | OTHER | Yes | - |
Out-of-Scope Assets (13)
| Asset | Category | Bounty | |
|---|---|---|---|
| bytebucket.org | URL | Yes | |
| *.bitbucket.io | URL | Yes | |
| Any customer instance. Do not test customer instances or affect customer data. Customer cloud instances may be in the form of <customer>.atlassian.net or <customer>.jira.com. Test only your own instances. | URL | Yes | |
| Any internal or development services. | URL | Yes | |
| Any repository that you are not an owner of - do not impact Atlassian customers in any way. | URL | Yes | |
| HipChat (inc. HipChat Data Center, HipChat Desktop, HipChat Mobile) | OTHER | Yes | |
| Stride (inc. Stride Video, Stride Desktop, Stride Mobile) | OTHER | Yes | |
| https://blog.bitbucket.org | URL | Yes | |
| https://bugcrowd.com/atlassianapps | URL | Yes | |
| https://info.loom.com/ | URL | Yes | |
| https://shop.atlassian.com | URL | Yes | |
| https://support.atlassian.com | URL | Yes | |
| https://support.loom.com | URL | Yes |