Scope Updates
Recent changes to bug bounty program scopes.
| Change | Asset | Category | Scope | Program | Platform | Time |
|---|---|---|---|---|---|---|
| Added | ov-xx.infomaniak.ch and od-xx.infomaniak.ch sub domains | OTHER | Out of Scope | YesWeHack | 2026-02-21 00:33 | |
| Added | newsletter.infomaniak.com | OTHER | Out of Scope | YesWeHack | 2026-02-21 00:33 | |
| Added | we do not manage open stack dashboard which is therefore out of scope | OTHER | Out of Scope | YesWeHack | 2026-02-21 00:33 | |
| Added | https://api.pub1.infomaniak.cloud | OTHER | Out of Scope | YesWeHack | 2026-02-21 00:33 | |
| Added | assets not listed in the in scope section are to be considered as out of the scope of this program and won't be eligible for reward | OTHER | Out of Scope | YesWeHack | 2026-02-21 00:33 | |
| Added | all pdf documents published or served on castor.vinci.com are public, thank you for not reporting any bug linked to the accessibility of these documents | OTHER | Out of Scope | YesWeHack | 2026-02-21 00:33 | |
| Added | only exception: wishes.vinci.com (english version of voeux.vinci.com) is included in the scope | OTHER | Out of Scope | YesWeHack | 2026-02-21 00:33 | |
| Added | !! links pointing to other fqdns are always out of scope !! | OTHER | Out of Scope | YesWeHack | 2026-02-21 00:33 | |
| Added | anything that is not explicitely listed in scope section | OTHER | Out of Scope | YesWeHack | 2026-02-21 00:33 | |
| Added | please note that www.lafabriquedelacite.com is out of scope from today 10/12/25 as the web site is going to be redeveloped | OTHER | Out of Scope | YesWeHack | 2026-02-21 00:33 | |
| Added | finally, fraud related reports are out-of-scope if they do not exploit a security vulnerability. therefore, fraud activity enabled by bug or incomplete business rules enforcement are out-of-scope. however, a fraud activity enabled by a csrf exploit for example is valid | OTHER | Out of Scope | YesWeHack | 2026-02-21 00:33 | |
| Added | however, though listed in the out-of-scope list, if you really feel that a bug will leave an impact on our platform, please come up with a convincing and working poc. if that convinces us to change our code, we will reward you with a bounty | OTHER | Out of Scope | YesWeHack | 2026-02-21 00:33 | |
| Added | any website that is not listed explicitly in the scope | OTHER | Out of Scope | YesWeHack | 2026-02-21 00:33 | |
| Added | please note that https://dev.blablacar.com is hosted by a third party and thus is out of scope | OTHER | Out of Scope | YesWeHack | 2026-02-21 00:33 | |
| Added | experimental features | OTHER | Out of Scope | YesWeHack | 2026-02-21 00:33 | |
| Added | any local implementation of the project/implementation belonging to third parties | OTHER | Out of Scope | YesWeHack | 2026-02-21 00:33 | |
| Added | any depreciated versions and other versions than the current stable/official version are considered out of scope except if specified otherwise in the program’s rules | OTHER | Out of Scope | YesWeHack | 2026-02-21 00:33 | |
| Added | any third parties’ or community’s assets that are not explicitly included (e.g. forks, libraries or packages) | OTHER | Out of Scope | YesWeHack | 2026-02-21 00:33 | |
| Added | any asset that is not explicitly included in our program's scope | OTHER | Out of Scope | YesWeHack | 2026-02-21 00:33 | |
| Added | - all other goto financial assets not listed above are to be considered as out of scope | OTHER | Out of Scope | YesWeHack | 2026-02-21 00:33 | |
| Added | - any staging environment will be out of scope (staging domain could be indicated by words like test/integration/staging, etc) | OTHER | Out of Scope | YesWeHack | 2026-02-21 00:33 | |
| Added | all other goto assets not listed above are to be considered as out of scope | OTHER | Out of Scope | YesWeHack | 2026-02-21 00:33 | |
| Added | any staging environment will be out of scope (staging domain could be indicated by words like test/integration/staging, etc) | OTHER | Out of Scope | YesWeHack | 2026-02-21 00:33 | |
| Added | craft cms on www.siilo.com | OTHER | Out of Scope | YesWeHack | 2026-02-21 00:33 | |
| Added | vettore.it (and any related vettore assets) | OTHER | Out of Scope | YesWeHack | 2026-02-21 00:33 |