DataStax

target_in_scope

asset_identifier asset_type availability requirement confidentiality requirement eligible for bounty eligible for submission integrity requirement max_severity
DataStax Desktop, DSE, Studio, DDAC, Opscenter DOWNLOADABLE_EXECUTABLES high high high critical
DataStax Desktop is a fully packaged version of DataStax products and services. The download for DataStax Desktop can be found here: https://downloads.datastax.com/#labs

DataStax Desktop is a helper application that configures and runs DataStax Enterprise and Studio in a Kubernetes pod. This application is not intended to be run in a production environment, but it is a helpful tool for experimenting with and familiarizing yourself with the different product offerings that DataStax makes available to the developer community at large. DataStax Desktop is merely an enabling method for configuring and running DataStax products together, and is not required for finding vulnerabilities in the in-scope products listed below. If you want to configure and run the products independently of DataStax Desktop, we would accept and welcome any vulnerability that meets our criteria.

Applications packaged and in scope are:
* DataStax Enterprise (DSE) [Server, Analytics, Graph, Search]
* Studio

Vulnerabilities in scope:
* Loss of availability, confidentiality, or integrity of the data from unauthenticated side-channel or protocol attacks on the DSE server (attacks on the native or storage ports)
* Privilege escalation, or loss of tenancy within CQL

Vulnerabilities out of scope:
* JMX-related vulnerabilities
* DDoS attacks using large or high-throughput payloads
https://academy.datastax.com/ URL high high high critical
Sign-ups are open; you may use any email address that can be verified to sign up for the academy.
https://docs.datastax.com/ URL low low high critical
https://downloads.datastax.com URL medium none high critical
Our downloads site is available to the general public.
https://www.datastax.com/ URL high high high critical
DSE, Studio, DDAC, Opscenter DOWNLOADABLE_EXECUTABLES high high high critical

target_out_of_scope

asset_identifier asset_type availability requirement confidentiality requirement eligible for bounty eligible for submission integrity requirement max_severity
https://*cla.datastax.com/ URL none
https://community.datastax.com URL none
https://academy.datastax.com/ URL high high high none
*Automated Scanning Prohibited* Sign-ups are open; you may use any email address that can be verified to sign up for the academy.