Exoscale

Dear researchers,

The event for celebrating the release of our new IAM feature is still ongoing. There are still a few days remaining to enjoy the doubled bounties!

Until next Monday, for the upcoming week, the following payout applies:

Priority	Previous Reward Range	New Reward Range
P(1)	$2000-3000	$4000-6000
P(2)	$500-1000	$1000-2000
P(3)	$100-500	$200-1000
P(5)	$100	$200

Event Scope:

• API
• Managed Scalable Kubernetes Service (SKS)
• Legacy API
• Simple Object Storage (SOS)
• Database as a Service (DBaaS)
• Internal Web services

Out of scope (normal payout grid applies):

• Web Portal

Last, a piece of advice to help you keep finding cool bugs: we encourage you to look into the internal working of our cloud services rather than focusing on “generic” vulnerabilities as that’s generally where the serious issues hide.

In particular, you can learn more about the new IAM by reading the full documentation here:

• API Keys, Roles and Policies (exoscale.com)
• IAM Reference: Operations and Resources (exoscale.com)

We are looking forward to reading your interesting reports!

Kind regards and happy hunting,
Exoscale Security Team