Livestream

target_in_scope

asset_identifier asset_type availability requirement confidentiality requirement eligible for bounty eligible for submission integrity requirement max_severity
*.livestream.com URL high high high critical
*.new.livestream.com URL medium medium medium critical
493086499 APPLE_STORE_APP_ID medium medium medium critical
Livestream software (Producer, Studio) OTHER medium medium medium critical
com.livestream.livestream GOOGLE_PLAY_APP_ID medium medium medium critical
www.livestream.com URL medium medium medium critical
donations.livestream.com URL critical

target_out_of_scope

asset_identifier asset_type availability requirement confidentiality requirement eligible for bounty eligible for submission integrity requirement max_severity
*.boost.livestream.com,boost.livestream.com URL none
This is a 3rd party (AMP.LIVE).
*.getmevo.com URL medium medium medium none
*.mevo.com URL medium medium medium none
Broadcaster Pro HARDWARE low low low none
This is 3rd party hardware that we have no control or input over.
Livestream Switchers (Studio One, HD51, HD550, Surface Go) HARDWARE low low low none
This is 3rd party hardware that we have no input or control over. (HD31 retired 1/7/19)
Mevo Live Camera HARDWARE low low low none
donations.livestream.com URL none
This is run through our Fastly, but its origin is APPSPOT.COM
help.livestream.com URL none
This is Zendesk, 3rd party.
livestream.com/blog, *.livestream.com/blog OTHER none
WPEngine requires a different contract if you include it on a bug bounty program
livestreamapis.com URL none
publishing-api.livestream.com URL none
Even though its a Livestream name, and goes to Livestream Fastly, the backend is a 3rd party vendor.
s3://static.intercast-livestream.com OTHER none
Its a 3rd party owned bucket, AMP.LIVE, publicly available. The content in there is made to be publicly available.
shop.getmevo.com,*.shop.getmevo.com URL none
3rd Party / Shopify
store.livestream.com URL none
This is 3rd party/Shopify.
Any previously owned/sold hardware HARDWARE none
The hardware side of Livestream has been sold to a non-Vimeo company. Even though we have integrations with much of it still, we can not take reports for it.
status.livestream.com URL none
3rd party
livestream.com/blog, *.livestream.com/blog, blog.livestream.com OTHER none
WPEngine requires a different contract if you include it on a bug bounty program