50%+ Bonus for Sync to Calendar Vulns - Announcements - Asana

$100 – $6,500 per vulnerability
Partial safe harbor

Starting today, April 13, 2023 and going until May 13, 2023, Asana is launching a bonus opportunity for our Sync to Calendar feature.

In brief, Sync to Calendar allows a user to sync dated tasks in an Asana project to external calendars such as iCal or Google Calendar. We are particularly interested in any vulnerabilities that might allow you to access private tasks or continue accessing project updates after permissions on a project are lost.

For full documentation on the feature, please see here.

Below are the bonus details:

Priority/Bonus Qualifications	Bonus Reward
P1 on Sync to Calendar	2x current bounty range (i.e. current range for P1 is $6100 – $6500. With bonus, range is $12200 - $13000)
P2, P3 on Sync to Calendar	1.5x current bounty range (i.e. current range for P3 is $850 – $1000. With bonus, range is $1275 - $1500)