infomaniak-bug-bounty-program
YesWeHackView on YesWeHack
40
In Scope
14
Out of Scope
In-Scope Assets (40)
Out-of-Scope Assets (14)
| Asset | Category | |
|---|---|---|
| Assets not listed in the in scope section are to be considered as out of the scope of this program and won't be eligible for reward | OTHER | |
| Database service instances from customers, like *.dbaas.infomaniak.cloud | OTHER | |
| FTP credentials from our customers, like *.ftp.infomaniak.com | OTHER | |
| Jelastic subdomains : *.jcloud.ik-server.com, *.jpc.infomaniak.com, *.jpe.infomaniak.com | OTHER | |
| MySQL credentials from our customers, like *.myd.infomaniak.com | OTHER | |
| S3 credentials from our customers, like s3.pub*.infomaniak.cloud | OTHER | |
| This domain https://drive.infomaniak.com/app/office/:folder:/:file: is out of scope. This is only office application, an external app to open MS office documents. | OTHER | |
| User email verification | OTHER | |
| VPS instances from our customers, like *.vps.infomaniak.com | OTHER | |
| We do not manage Open Stack dashboard which is therefore out of scope | OTHER | |
| Websocket IPS-public credentials. Public identifiers that do not allow access to information outside the scope of the user's profile. | OTHER | |
| https://api.pub1.infomaniak.cloud | OTHER | |
| newsletter.infomaniak.com | OTHER | |
| ov-XX.infomaniak.ch and od-XX.infomaniak.ch sub domains | OTHER |