Asana
- $100 – $6,500 per vulnerability
2x Bonus Opportunity for Asana's Bug Bounty Program!
Asana is happy to announce another bonus earning opportunity!
Starting now, October 2, 2023 and going until November 2, 2023 23:59 PT, Asana is running a 2x bonus opportunity for vulnerabilities found in our Google Workspace add-ons.
Google Workspace add-ons are applications that integrate directly with the Google Workspace suite. You can learn more about them here.
Asana has two add-ons - one allows you to create tasks directly from Gmail, and the other turns Asana links into Smart Chips in Google Docs. Learn more about Smart Chips here
How to access this feature
You can install both Asana add-ons by going here.
How to use this feature
Smart Chips
Install the add-on by going here. Then, add a link to an Asana task in any Google Doc. You will be prompted to add the Smart Chip functionality.
Gmail
View the documentation here.
We are unsure of the risk surface here and are open to all vulnerability classes (within the usual scope). Remember, please do not use repetitive network requests and refrain from testing any other Google surface areas, as these are outside the scope of this program. Refer to Google's bug bounty program if you are interested in testing their services.
Bonus Reward Details
| Priority/Bonus Qualifications | Bonus Reward |
|---|---|
| P1-P3 on Asana's Google Workspace add-ons | 2x current bounty range (i.e. current range for P3 is $850 – $1000. With bonus, range is $1700 - $2000) |
