Asana
- $100 – $6,500 per vulnerability
50%+ Bonus for Sync to Calendar Vulns
Starting today, April 13, 2023 and going until May 13, 2023, Asana is launching a bonus opportunity for our Sync to Calendar feature.
In brief, Sync to Calendar allows a user to sync dated tasks in an Asana project to external calendars such as iCal or Google Calendar. We are particularly interested in any vulnerabilities that might allow you to access private tasks or continue accessing project updates after permissions on a project are lost.
For full documentation on the feature, please see here.
Below are the bonus details:
Priority/Bonus Qualifications | Bonus Reward |
---|---|
P1 on Sync to Calendar | 2x current bounty range (i.e. current range for P1 is $6100 – $6500. With bonus, range is $12200 - $13000) |
P2, P3 on Sync to Calendar | 1.5x current bounty range (i.e. current range for P3 is $850 – $1000. With bonus, range is $1275 - $1500) |