Credit Karma

target_in_scope

asset_identifier asset_type availability requirement confidentiality requirement eligible for bounty eligible for submission integrity requirement max_severity
com.creditkarma.canada APPLE_STORE_APP_ID high high high critical
com.creditkarma.mobile APPLE_STORE_APP_ID high high high critical
com.creditkarma.mobile GOOGLE_PLAY_APP_ID high high high critical
https://*.creditkarma.com URL high high high critical
https://accounts.creditkarma.com URL high high high critical
https://api.creditkarma.com URL high high high critical
Our Native apps make use of our API to talk to our servers.
https://blog.creditkarma.com/ URL medium low medium critical
https://help.creditkarma.com URL medium high high critical
https://tax.creditkarma.com URL high high high critical
https://www.creditkarma.ca URL medium high high critical
https://www.creditkarma.com/savings URL high high high critical

target_out_of_scope

asset_identifier asset_type availability requirement confidentiality requirement eligible for bounty eligible for submission integrity requirement max_severity
Appsflyer.com URL none
Crashlytics.com URL none
Taplytics.com URL none
http://socialverification.creditkarma.com/ URL none
http://socialverification.stage.creditkarma.com/ URL none
https://www.creditkarma.com/all/advice URL none
https://www.creditkarma.com/article/* URL none
https://www.creditkarma.com/reviews/ URL none