Amazon Vulnerability Research Program

target_in_scope

asset_identifier asset_type availability requirement confidentiality requirement eligible for bounty eligible for submission integrity requirement max_severity
Amazon Retail Mobile Apps OTHER critical
Amazon Retail Sites OTHER critical
Amazon Retail Subsidiaries OTHER critical
297606951 APPLE_STORE_APP_ID high critical
Amazon Retail Mobile Apps (e.g. Prime Now) OTHER critical
Amazon Retail Sites (e.g. Amazon.in, Amazon.es) OTHER critical
com.amazon.mShop.android.shopping GOOGLE_PLAY_APP_ID high critical
www.amazon.co.jp URL high critical
www.amazon.co.uk URL high critical
www.amazon.com URL high critical
www.amazon.de URL high critical
www.amazon.fr URL high critical

target_out_of_scope

asset_identifier asset_type availability requirement confidentiality requirement eligible for bounty eligible for submission integrity requirement max_severity
Amazon Physical Stores OTHER none
Amazon Go Mobile Apps, Whole Foods Apps, anything related to Physical Stores will be out-of-scope
Amazon Web Services (AWS) OTHER none
Currently, anything related to AWS should be considered out of scope.
https://amazongames.com/ URL none
https://tsologic.com/ URL none
https://www.twitch.tv/ URL none