Scope Updates
Recent changes to bug bounty program scopes.
| Change | Asset | Category | Scope | Program | Platform | Time |
|---|---|---|---|---|---|---|
| Added | deezer-blog.com | OTHER | Out of Scope | YesWeHack | 2026-02-21 00:33 | |
| Added | deezercommunity.com | OTHER | Out of Scope | YesWeHack | 2026-02-21 00:33 | |
| Added | support.deezer.com | OTHER | Out of Scope | YesWeHack | 2026-02-21 00:33 | |
| Added | cdn-content.deezer.com | OTHER | Out of Scope | YesWeHack | 2026-02-21 00:33 | |
| Added | cdn-files.deezer.com | OTHER | Out of Scope | YesWeHack | 2026-02-21 00:33 | |
| Added | partners.deezer.com | OTHER | Out of Scope | YesWeHack | 2026-02-21 00:33 | |
| Added | developers.deezer.com | OTHER | Out of Scope | YesWeHack | 2026-02-21 00:33 | |
| Added | all domains or subdomains not listed in the above list of 'scopes' | OTHER | Out of Scope | YesWeHack | 2026-02-21 00:33 | |
| Added | jenkins instances hosted by users are not in scope | OTHER | Out of Scope | YesWeHack | 2026-02-21 00:33 | |
| Added | jenkins project infrastructure (the one hosted by the project) is not in scope | OTHER | Out of Scope | YesWeHack | 2026-02-21 00:33 | |
| Added | jenkins installers are not in scope | OTHER | Out of Scope | YesWeHack | 2026-02-21 00:33 | |
| Added | any components/plugins not explicitly included are not in scope (e.g. forks, libraries or packages) | OTHER | Out of Scope | YesWeHack | 2026-02-21 00:33 | |
| Added | docker images are not in scope for this program | OTHER | Out of Scope | YesWeHack | 2026-02-21 00:33 | |
| Added | everything from https://www.jenkins.io/security/reporting/#non-issues, and in addition the following items | OTHER | Out of Scope | YesWeHack | 2026-02-21 00:33 | |
| Added | all domains or subdomains not listed in the above list of 'scopes' | OTHER | Out of Scope | YesWeHack | 2026-02-21 00:33 | |
| Added | all 3rd parties are out of scope | OTHER | Out of Scope | YesWeHack | 2026-02-21 00:33 | |
| Added | all domains not listed in-scope | OTHER | Out of Scope | YesWeHack | 2026-02-21 00:33 | |
| Added | third-party companies that perform business transactions for spacelift | OTHER | Out of Scope | YesWeHack | 2026-02-21 00:33 | |
| Added | data breaches or credential dumps | OTHER | Out of Scope | YesWeHack | 2026-02-21 00:33 | |
| Added | attacks against any account other than the specified target accounts | OTHER | Out of Scope | YesWeHack | 2026-02-21 00:33 | |
| Added | any communication with spacelift colleagues | OTHER | Out of Scope | YesWeHack | 2026-02-21 00:33 | |
| Added | any other spacelift assets not specifically listed as in-scope | OTHER | Out of Scope | YesWeHack | 2026-02-21 00:33 | |
| Added | contact form (especially hubspot ones) | OTHER | Out of Scope | YesWeHack | 2026-02-21 00:33 | |
| Added | bypasses of user or api key creation limits (including via race conditions or business logic issues) | OTHER | Out of Scope | YesWeHack | 2026-02-21 00:33 | |
| Added | session keeps using old user group permissions if user group permissions are changed during a given session's lifespan | OTHER | Out of Scope | YesWeHack | 2026-02-21 00:33 |