Indeed

  • $50 – $10,000 per vulnerability
  • Safe harbor

A note from Indeed on similar submissions

Hey Everyone,

Indeed has been seeing an influx of submissions that are largely related to one another. While these reports do provide value, they've requested that researchers submit all similar vulns in a single ticket so that they can process and reward more quickly. All of your submissions will be rewarded appropriately, as if they were submitted individually.

From Indeed:

We ask that researchers who are able to identify the same or similar types of issues in multiple locations across one of our applications combine those findings into a single submission that includes a description as well as the various locations where vulnerabilities have been identified. This greatly assists us in our triage process and allows us to process your submissions faster. The combined submissions will be evaluated holistically and will receive rewards corresponding to the collective findings. For example, if an application is discovered to have broken access control on a number of API endpoints, please submit a single submission that includes a list of those API endpoints. If separate submissions are made, they may be inadvertently closed as duplicates.

Thanks a lot and happy hunting!

Steve @Bugcrowd