The Plugin People
- $100 – $1,800 per vulnerability
We are an Atlassian focused development company with products for Jira and Confluence. Our primary product is Enterprise Mail Handler for Jira, available as distinctly separate applications for Jira DataCenter (JEMH) and Cloud (JEMHC).
In Scope Systems and Services
In Scope rewards are for vulnerabilities found in our app or caused by our apps:
- A self hosted Atlassian Jira Data Center instance with the DC edition of Enterprise Mail Handler for Jira DC.
- An Atlassian Jira Cloud instance (eg nnn.atlassian.net) containing our Enterprise Mail Handler for Jira Cloud app.
Out Of Scope Atlassian Systems and Services
ALL other 3rd party systems including Atlassian services ARE NOT in scope here (examples shown below). Vulnerabilities in such platforms should be logged with Atlassian via https://bugcrowd.com/atlassian
- marketplace.atlassian.com
- id.atlassian.com
- team.atlassian.com
- admin.atlassian.com
- my.atlassian.com
Ratings/Rewards:
For the initial prioritization/rating of findings, this program will use the Bugcrowd Vulnerability Rating Taxonomy. However, it is important to note that in some cases a vulnerability priority will be modified due to its likelihood or impact. In any instance where an issue is downgraded, a full, detailed explanation will be provided to the researcher - along with the opportunity to appeal, and make a case for a higher priority.
Scope and rewards
Program rules
This program follows Bugcrowd’s standard disclosure terms.
For any testing issues (such as broken credentials, inaccessible application, or Bugcrowd Ninja email problems), please submit through the Bugcrowd Support Portal. We will address your issue as soon as possible.
This program does not offer financial or point-based rewards for P5 — Informational findings. Learn more about Bugcrowd’s VRT.