
Opsgenie
- $200 – $4,000 per vulnerability
Opsgenie is a modern incident management platform for operating always-on services, empowering Dev & Ops teams to plan for service disruptions and stay in control during incidents. With over 200 deep integrations and a highly flexible rules engine, Opsgenie centralizes alerts, notifies the right people reliably, and enables them to collaborate and take rapid action. Throughout the entire incident lifecycle, Opsgenie tracks all activity and provides actionable insights to improve productivity and drive continuous operational efficiencies.
Get Started (tl;dr version)
- Testing for Opsgenie is to be performed on https://*.opsgenie.com using free-trial accounts.
- Do not access, destroy or otherwise negatively impact Opsgenie customers or customer data in any way.
- Ensure that you use your @bugcrowdninja.com email address.
- Ensure you understand the targets, scopes, exclusions, and rules below.
Quick Links
- Opsgenie Links
- Website
- Docs
- https://docs.opsgenie.com/
- For real-time support you can also use the Intercom chat bubble at the bottom right of www.opsgenie.com
- API Docs
- Mobile apps
Focus Areas
- Authentication
- Session Management
- HTTP and Cookie Security
- Multi Tenant Data Leakage/Access
- Server-side Remote Code Execution (RCE)
- Server-Side Request Forgery (SSRF)
- Stored/Reflected Cross-site Scripting (XSS)
- Injection
- XML External Entity Attacks (XXE)
- Access Control & Authorization Vulnerabilities
- Path/Directory Traversal Issues
- File Upload & File hosting
Ensure you review the out of scope and exclusions list for further details.
** Cross Instance Data Leakage/Access refers to unauthorised data access between instances.
Creating Your Instance
Researchers can sign up here: https://www.atlassian.com/software/opsgenie/try
Note: Remember to use your @bugcrowdninja.com email address
!! Do not forget to verify your account by clicking the link sent via email; some features will not work until verification is complete. !!
Scope and rewards
Program rules
This program follows Bugcrowd’s standard disclosure terms.
For any testing issues (such as broken credentials, inaccessible application, or Bugcrowd Ninja email problems), please email support@bugcrowd.com. We will address your issue as soon as possible.
This program does not offer financial or point-based rewards for P5 — Informational findings. Learn more about Bugcrowd’s VRT.