Amazon Vulnerability Research Program

target_in_scope

asset_identifier asset_type availability requirement confidentiality requirement eligible for bounty eligible for submission integrity requirement max_severity
Amazon Retail Mobile Apps OTHER critical
Amazon Retail Sites OTHER critical
Amazon Retail Subsidiaries OTHER critical
297606951 APPLE_STORE_APP_ID high critical
Amazon Retail Mobile Apps (e.g. Prime Now) OTHER critical
Amazon Retail Sites (e.g. Amazon.in, Amazon.es) OTHER critical
com.amazon.mShop.android.shopping GOOGLE_PLAY_APP_ID high critical
www.amazon.co.jp URL high critical
www.amazon.co.uk URL high critical
www.amazon.com URL high critical
www.amazon.de URL high critical
www.amazon.fr URL high critical
Other Amazon Retail Sites (e.g. Amazon.com.au, Amazon.sg) OTHER critical
www.amazon.ca URL critical
www.amazon.com.mx URL high critical
www.amazon.es URL high critical
www.amazon.in URL critical
Other Amazon Retail Assets (if you are not sure about the asset scope, please use this one) OTHER critical

target_out_of_scope

asset_identifier asset_type availability requirement confidentiality requirement eligible for bounty eligible for submission integrity requirement max_severity
Amazon Physical Stores OTHER none
Amazon Go Mobile Apps, Whole Foods Apps, anything related to Physical Stores will be out-of-scope
Amazon Web Services (AWS) OTHER none
Currently, anything related to AWS should be considered out of scope.
https://amazongames.com/ URL none
https://tsologic.com/ URL none
https://www.twitch.tv/ URL none