Vulnerability Disclosure Program (VDP)

VDPs are meant for responsibly reporting vulnerabilities you encounter — not for actively hunting for fame or reputation. Even if you're just starting out, consider focusing on rewarded bug bounty programs instead.

atlassian

BugcrowdView on Bugcrowd

RawAI Enhanced

In Scope

Out of Scope

In-Scope Assets (45)

Asset	Category	Bounty	Quick Links
Any associated .atlassian.com or .atl-paas.net domain that can be exploited DIRECTLY from the *.atlassian.net instance	OTHER	No	-
Any other .atlassian.com or .atl-paas.net domain that cannot be exploited directly from a *.atlassian.net instance	URL	No	-
Forge Platform	OTHER	No	-
GraphQL API (bugbounty-test-<bugcrowd-name>.atlassian.net/gateway/api/graphql)	URL	No	-
Other - (all other Atlassian targets)	OTHER	No	-
https://*.atlastunnel.com	URL	No	crt.sh Google Shodan SecurityTrails Wayback DNSdumpster VirusTotal
https://admin.atlassian.com/	URL	No	crt.sh Google Shodan SecurityTrails Wayback DNSdumpster VirusTotal
https://admin.atlassian.com/atlassian-guard	URL	No	crt.sh Google Shodan SecurityTrails Wayback DNSdumpster VirusTotal
https://apps.apple.com/us/app/confluence-cloud/id1006971684	IOS	No	-
https://apps.apple.com/us/app/confluence-server/id1288365159	IOS	No	-
https://apps.apple.com/us/app/jira-cloud-by-atlassian/id1006972087	IOS	No	-
https://apps.apple.com/us/app/jira-server/id1405353949	IOS	No	-
https://apps.apple.com/us/app/loom-screen-recorder/id1474480829	IOS	No	-
https://bitbucket.org	URL	No	crt.sh Google Shodan SecurityTrails Wayback DNSdumpster VirusTotal
https://chromewebstore.google.com/detail/loom-%E2%80%93-screen-recorder-sc/liecbddmkiiihnedobmlmillhodjkdmb?hl=en-US&pli=1	OTHER	No	-
https://confluence.atlassian.com/doc/install-atlassian-companion-992678880.html	OTHER	No	-
https://id.atlassian.com/login	URL	No	crt.sh Google Shodan SecurityTrails Wayback DNSdumpster VirusTotal
https://marketplace.atlassian.com	URL	No	crt.sh Google Shodan SecurityTrails Wayback DNSdumpster VirusTotal
https://play.google.com/store/apps/details?id=com.atlassian.android.confluence.core&hl=en_US&gl=US	ANDROID	No	Play Store
https://play.google.com/store/apps/details?id=com.atlassian.android.jira.core&hl=en_US&gl=US	ANDROID	No	Play Store
https://play.google.com/store/apps/details?id=com.atlassian.confluence.server	ANDROID	No	Play Store
https://play.google.com/store/apps/details?id=com.atlassian.jira.server&hl=en_US&gl=US	ANDROID	No	Play Store
https://play.google.com/store/apps/details?id=com.loom.android&hl=en_US&pli=1	ANDROID	No	Play Store
https://start.atlassian.com	URL	No	crt.sh Google Shodan SecurityTrails Wayback DNSdumpster VirusTotal
https://www.atlassian.com/enterprise/data-center/bitbucket	URL	No	crt.sh Google Shodan SecurityTrails Wayback DNSdumpster VirusTotal
https://www.atlassian.com/enterprise/data-center/confluence	OTHER	No	-
https://www.atlassian.com/enterprise/data-center/crowd	URL	No	crt.sh Google Shodan SecurityTrails Wayback DNSdumpster VirusTotal
https://www.atlassian.com/enterprise/data-center/jira	URL	No	crt.sh Google Shodan SecurityTrails Wayback DNSdumpster VirusTotal
https://www.atlassian.com/enterprise/data-center/jira/service-management	URL	No	crt.sh Google Shodan SecurityTrails Wayback DNSdumpster VirusTotal
https://www.atlassian.com/software/atlas	URL	No	crt.sh Google Shodan SecurityTrails Wayback DNSdumpster VirusTotal
https://www.atlassian.com/software/bamboo	URL	No	crt.sh Google Shodan SecurityTrails Wayback DNSdumpster VirusTotal
https://www.atlassian.com/software/compass	URL	No	crt.sh Google Shodan SecurityTrails Wayback DNSdumpster VirusTotal
https://www.atlassian.com/software/confluence	URL	No	crt.sh Google Shodan SecurityTrails Wayback DNSdumpster VirusTotal
https://www.atlassian.com/software/confluence/premium	URL	No	crt.sh Google Shodan SecurityTrails Wayback DNSdumpster VirusTotal
https://www.atlassian.com/software/crucible	URL	No	crt.sh Google Shodan SecurityTrails Wayback DNSdumpster VirusTotal
https://www.atlassian.com/software/fisheye	URL	No	crt.sh Google Shodan SecurityTrails Wayback DNSdumpster VirusTotal
https://www.atlassian.com/software/jira	URL	No	crt.sh Google Shodan SecurityTrails Wayback DNSdumpster VirusTotal
https://www.atlassian.com/software/jira/product-discovery	URL	No	crt.sh Google Shodan SecurityTrails Wayback DNSdumpster VirusTotal
https://www.atlassian.com/software/jira/service-management	URL	No	crt.sh Google Shodan SecurityTrails Wayback DNSdumpster VirusTotal
https://www.atlassian.com/software/jira/work-management	URL	No	crt.sh Google Shodan SecurityTrails Wayback DNSdumpster VirusTotal
https://www.atlassian.com/software/rovo	URL	No	crt.sh Google Shodan SecurityTrails Wayback DNSdumpster VirusTotal
https://www.loom.com/	URL	No	crt.sh Google Shodan SecurityTrails Wayback DNSdumpster VirusTotal
https://www.loom.com/download	URL	No	crt.sh Google Shodan SecurityTrails Wayback DNSdumpster VirusTotal
https://www.npmjs.com/package/@forge/cli	OTHER	No	-
https://www.sourcetreeapp.com/	OTHER	No	-

Out-of-Scope Assets (13)

Asset	Category	Bounty
*.bitbucket.io	URL	No
Any customer instance. Do not test customer instances or affect customer data. Customer cloud instances may be in the form of <customer>.atlassian.net or <customer>.jira.com. Test only your own instances.	URL	No
Any internal or development services.	URL	No
Any repository that you are not an owner of - do not impact Atlassian customers in any way.	URL	No
HipChat (inc. HipChat Data Center, HipChat Desktop, HipChat Mobile)	OTHER	No
Stride (inc. Stride Video, Stride Desktop, Stride Mobile)	OTHER	No
bytebucket.org	URL	No
https://blog.bitbucket.org	URL	No
https://bugcrowd.com/atlassianapps	URL	No
https://info.loom.com/	URL	No
https://shop.atlassian.com	URL	No
https://support.atlassian.com	URL	No
https://support.loom.com	URL	No