Blue Jeans Network

  • Points – $2,000 per vulnerability
  • Partial safe harbor
  • Managed by Bugcrowd

Program stats

64 vulnerabilities rewarded

Validation within 5 days
75% of submissions are accepted or rejected within 5 days

$500 average payout (last 3 months)

Recently joined this program

587 total


Please note: This program does not allow disclosure. You may not release information about vulnerabilities found in this program to the public.

BlueJeans takes the security, integrity, availability of the service, and the privacy of our users seriously. We appreciate all security concerns brought forth and are constantly striving to keep on top of the latest threats. Being proactive rather than reactive to emerging security issues is a fundamental belief at BlueJeans. Every day new security issues and attack vectors are created. BlueJeans strives to keep abreast of the latest state-of-the-art security developments by working with security researchers and companies. We appreciate the community's efforts in creating a more secure world.

Rules of engagement:

We are interested in hearing about security issues in production BlueJeans sites and our client software applications. These in-scope, production assets have been listed below under 'Targets'. That said, there are some things we explicitly ask you not to do:

  • Do not run automated scans without checking with us first. They are often very noisy.
    • If running any automated testing tools, be sure to keep well under 100 requests per second - otherwise you're likely to get locked out.
  • Do not test the physical security of BlueJeans offices, employees, equipment, etc.
  • Do not test using social engineering techniques (phishing, vishing, etc.)
  • Do not perform DoS or DDoS attacks.
  • Do not in any way attack our end users, or engage in the trade of stolen user credentials.
  • Do not in any way disrupt our customers.

This program adheres to the Bugcrowd Vulnerability Rating Taxonomy for the prioritization/rating of findings.

Reward Range

Technical severity | Reward range
P1 Critical | $1,000 - $2,000
P2 Severe | $250 - $500
P3 and P4 are only eligible to receive kudos points. P5 submissions do not receive any rewards for this program.


In scope

Target name | Type
Website API Website Other Website Other Website
BlueJeans Android Application | Android
BlueJeans iOS Application | iOS
BlueJeans Mac Client | Other
BlueJeans Windows Client | Other
BlueJeans Browser-based Web Meeting Clients | Other

Out of scope

Any domain/property of BlueJeans Network not listed in the targets section is out of scope. This includes any/all subdomains not listed above.

BlueJeans Products & Services:

The BlueJeans product line includes BlueJeans Meetings, BlueJeans Events, and BlueJeans Rooms. There is also an E-commerce application that is used by prospects to purchase BlueJeans services.

BlueJeans Meetings - Collaborate from anywhere on any device with online meetings.
Supported Roles:

  • Meeting Moderators
  • Meeting Attendees
  • Enterprise Administrator: This is a special role that is given to trusted users in your enterprise. This role has the highest privileges from an enterprise perspective.

How to access:

  • You will access the BlueJeans service using trial accounts and unauthenticated guests.
  • Please create a BlueJeans trial account on your own using your email address. Your '' email address is your All emails will go to the email address associated with your account. You will need to activate your account by confirming receipt of the activation email.
  • Doing the above will create a free trial enterprise for you.
  • For testing from the paid enterprise perspective with all features enabled, please send your email address to and we will add that to a paid enterprise account.

BlueJeans Events - Host and manage live interactive events for large audiences around the world.
Supported Roles:

  • Moderator
  • Presenter
  • Attendee
    • This feature needs to be enabled on your account. Please send your email address to and we will enable the Events feature for you. You can access events via the events page.

BlueJeans Rooms - Make any room a video conference room that is easy to use and manage.

  • Please test the APIs provided in the API Documentation
    • API Documentation: Here

E-commerce Application - This is used mainly by SMB customers for purchasing BlueJeans services.
How to access:

  • Geo-Fencing is enabled and the ‘Buy Now’ feature is accessible only from non-APAC region IP addresses.

BlueJeans Mac & Windows Desktop Client

  • Test with our current desktop client
  • The new desktop client can be downloaded as<meeting id>/blue
  • Or download the desktop client from here:

BlueJeans Browser-based Web Meeting Clients

  • From Chrome, Safari, Firefox and Opera, launch the meeting using the URL:<meeting id>/webrtc

BlueJeans Mobile Clients

  • From iOS and Android, launch the meeting as:<meeting id>. The BlueJeans app will download. Install and run it.

All services can be accessed via and

  • NOTE: Once a vulnerability is found please file a submission immediately. Our security team will investigate and assess the impact.

Focus Areas:

  • The BlueJeans services BlueJeans Meetings and BlueJeans Events are mostly a single-page web application and client-based video conferencing solution. BlueJeans is interested in any vulnerabilities that can be used to gain access to another BlueJeans service user's account and meeting video recordings.

In-Scope Details:

  • BlueJeans Events is our events service and can be accessed via the events tab once logged in.
  • Static is CDN for static content only.
  • API is used by non-web clients such as the desktop app and mobile apps.
    • If you want to test the enterprise API, contact us at Give us your BlueJeans Account and the Bugcrowd researcher ID and request Enterprise API access and the documentation.


  • NOTE: Network Level DDoS/DoS attacks are forbidden.
  • Application volumetric DDoS/DoS attacks are forbidden. If you find a request that takes too long to answer, report it; please do not try to DoS the service.
  • Interacting with real customers or real customer accounts is forbidden.

To prevent being locked out, please throttle automated testing to under 100 requests per second.

Program rules

This program follows Bugcrowd’s standard disclosure terms.

This program does not offer financial or point-based rewards for P5 — Informational findings. Learn more about Bugcrowd’s VRT.