LINE

target_in_scope

asset_identifier asset_type availability requirement confidentiality requirement eligible for bounty eligible for submission integrity requirement max_severity
*.line-apps.com URL critical
Only exploits that are successful within the LINE Application are considered in scope. Any exploit that may work on web browsers, but not in the LINE app itself, is out of scope.
*.line.me URL critical
Only exploits that are successful within the LINE Application are considered in scope. Any exploit that may work on web browsers, but not in the LINE app itself, is out of scope.
*.line.naver.jp URL critical
Only exploits that are successful within the LINE Application are considered in scope. Any exploit that may work on web browsers, but not in the LINE app itself, is out of scope.
443904275 APPLE_STORE_APP_ID high high high critical
[Apple App Store](https://apps.apple.com/jp/app/line/id443904275) Please make sure you are testing the latest version. Only the latest version is considered in scope.
539883307 APPLE_STORE_APP_ID critical
macOS: [Apple Mac App Store](https://apps.apple.com/id/app/line/id539883307) Please make sure you are testing the latest version. Only the latest version is considered in scope.
9wzdncrfj2g6 WINDOWS_APP_STORE_APP_ID high high high critical
[Microsoft Windows Store](https://www.microsoft.com/ja-jp/p/line/9wzdncrfj2g6) Please make sure you are testing the latest version. Only the latest version is considered in scope.
Chrome Extension OTHER high high high critical
https://chrome.google.com/webstore/detail/line/ophjlpahpchlmihnnnihgmmeilfjmjjc Please make sure you are testing the latest version. Only the latest version is considered in scope.
Windows Executable DOWNLOADABLE_EXECUTABLES critical
https://desktop.line-scdn.net/win/new/LineInst.exe Please make sure you are testing the latest version. Only the latest version is considered in scope.
jp.naver.line.android GOOGLE_PLAY_APP_ID high high high critical
[Google Play Store](https://play.google.com/store/apps/details?id=jp.naver.line.android) Please make sure you are testing the latest version. Only the latest version is considered in scope.
live.line.me URL critical
music.line.me URL critical
news.line.me URL critical
store.line.me URL critical

target_out_of_scope

asset_identifier asset_type availability requirement confidentiality requirement eligible for bounty eligible for submission integrity requirement max_severity
LINE Pay OTHER none
Please refrain from testing any functionality that is related to financial transactions. **This includes LINE Pay functionality within the LINE Application and Rabbit Pay for Thailand.**
com.linecorp.linelite GOOGLE_PLAY_APP_ID none