Scope Updates
Recent changes to bug bounty program scopes.
| Change | Asset | Category | Scope | Program | Platform | Time |
|---|---|---|---|---|---|---|
| Added | any asset that is not explicitly included in our program's scope | OTHER | Out of Scope | YesWeHack | 2026-02-21 00:33 | |
| Added | any local implementation of the project/implementation belonging to third parties | OTHER | Out of Scope | YesWeHack | 2026-02-21 00:33 | |
| Added | any depreciated versions and other versions than the current stable/official version are considered out of scope except if specified otherwise in the program’s rules | OTHER | Out of Scope | YesWeHack | 2026-02-21 00:33 | |
| Added | any third parties’ or community’s assets that are not explicitly included (e.g. forks, libraries or packages) | OTHER | Out of Scope | YesWeHack | 2026-02-21 00:33 | |
| Added | any asset that is not explicitly included in our program's scope | OTHER | Out of Scope | YesWeHack | 2026-02-21 00:33 | |
| Added | other business units of the telenor group - including *.telenor.com | OTHER | Out of Scope | YesWeHack | 2026-02-21 00:33 | |
| Added | telenor id | OTHER | Out of Scope | YesWeHack | 2026-02-21 00:33 | |
| Added | mobile services and devices provided by telenor sweden and subsidiaries not reachable from internet | OTHER | Out of Scope | YesWeHack | 2026-02-21 00:33 | |
| Added | any domain that looks like it's owned by a third party or customer due customer's privacy | OTHER | Out of Scope | YesWeHack | 2026-02-21 00:33 | |
| Added | stage-vimla-se.vimla.io | OTHER | Out of Scope | YesWeHack | 2026-02-21 00:33 | |
| Added | *.cust.ownit.se | OTHER | Out of Scope | YesWeHack | 2026-02-21 00:33 | |
| Added | *.customers.ownit.se | OTHER | Out of Scope | YesWeHack | 2026-02-21 00:33 | |
| Added | *.cust.bredbandsbolaget.se | OTHER | Out of Scope | YesWeHack | 2026-02-21 00:33 | |
| Added | *.sme.telenor.se | OTHER | Out of Scope | YesWeHack | 2026-02-21 00:33 | |
| Added | *.cust.telenor.se | OTHER | Out of Scope | YesWeHack | 2026-02-21 00:33 | |
| Added | *.bbcust.telenor.se | OTHER | Out of Scope | YesWeHack | 2026-02-21 00:33 | |
| Added | database service instances from customers, like *.dbaas.infomaniak.cloud | OTHER | Out of Scope | YesWeHack | 2026-02-21 00:33 | |
| Added | s3 credentials from our customers, like s3.pub*.infomaniak.cloud | OTHER | Out of Scope | YesWeHack | 2026-02-21 00:33 | |
| Added | websocket ips-public credentials. public identifiers that do not allow access to information outside the scope of the user's profile | OTHER | Out of Scope | YesWeHack | 2026-02-21 00:33 | |
| Added | user email verification | OTHER | Out of Scope | YesWeHack | 2026-02-21 00:33 | |
| Added | jelastic subdomains : *.jcloud.ik-server.com, *.jpc.infomaniak.com, *.jpe.infomaniak.com | OTHER | Out of Scope | YesWeHack | 2026-02-21 00:33 | |
| Added | mysql credentials from our customers, like *.myd.infomaniak.com | OTHER | Out of Scope | YesWeHack | 2026-02-21 00:33 | |
| Added | vps instances from our customers, like *.vps.infomaniak.com | OTHER | Out of Scope | YesWeHack | 2026-02-21 00:33 | |
| Added | ftp credentials from our customers, like *.ftp.infomaniak.com | OTHER | Out of Scope | YesWeHack | 2026-02-21 00:33 | |
| Added | this domain https://drive.infomaniak.com/app/office/:folder:/:file: is out of scope. this is only office application, an external app to open ms office documents | OTHER | Out of Scope | YesWeHack | 2026-02-21 00:33 |