Asana
- $100 – $6,500 per vulnerability
100% Bonus for Vulns in New Mobile App Feature
We have another bonus opportunity for you all!
Starting today, May 4, 2023 and going until June 4, 2023, Asana is launching a bonus opportunity for vulnerabilities found in our new feature multiple account support on mobile.
In brief, multi-account support allows you to sign into multiple Asana accounts on the Asana mobile app (both iOS and Android).
How to access this feature
This feature is not yet in production, so you will need to download the Asana beta app for iOS and/or Android.
To get the iOS app, please visit go.asana.com/ios-beta
To get the Android app, please visit go.asana.com/android-beta
How to use this feature
User will first need to be logged in with an account. Then, can add a new account by navigating to the Account tab and tapping on their avatar. This will open a menu with options to sign into additional accounts. Once the sign-in flow has been completed, you can toggle between the accounts using the same menu or by double tapping (Android) or long pressing (iOS) the account tab to pull up the quick switcher.
We are unsure of the risk surface here and are open to all vulnerability classes (within the usual scope) in both the iOS and Android apps.
Bonus Reward Details
| Priority/Bonus Qualifications | Bonus Reward |
|---|---|
| P1-P3 on multi-account support on mobile | 2x current bounty range (i.e. current range for P3 is $850 – $1000. With bonus, range is $1700 - $2000) |
