Aiven Ltd

target_in_scope

asset_identifier asset_type availability requirement confidentiality requirement eligible for bounty eligible for submission integrity requirement max_severity
aivencloud.com URL critical
Aivencloud.com is used for Aiven customer service deployments. Assets under aivencloud.com are thus only eligible for bounty if they are assets are linked and owned to your own test accounts and services. Specifically, assets under that domain that are linked to customer systems are off-limits and not eligible for bounty. The services can be launched via console.aiven.io or using our API at api.aiven.io.
api.aiven.io URL critical
console.aiven.io URL critical
github.com/aiven OTHER critical
Bugs that are not security issues in available source code may not be eligible for a bounty. Accessing confidential Aiven source code or other resources, or finding valid credentials or similar secrets from publicly available source code may be eligible for bounty. **Do note this is not a permission to attack Github.com in any way. For any Github specific vulnerabilities, please refer to Github bug bounty program.**
help.aiven.io URL critical
www.aiven.io URL medium low medium critical

target_out_of_scope

asset_identifier asset_type availability requirement confidentiality requirement eligible for bounty eligible for submission integrity requirement max_severity