
Statuspage
- Points – $3,000 per vulnerability
Statuspage launched in 2013 to give companies a better way to be more transparent with their customers. We recognize managing a status page outside of one’s own infrastructure can be a hassle, and hope to increase the transparency of the web by making it easier to do so.
Before you begin, please read and understand the Standard Disclosure Terms.
Below is a list of some of the vulnerability classes that we are seeking reports for:
- Server-side Remote Code Execution (RCE)
- Server-Side Request Forgery (SSRF)
- Stored/Reflected Cross-site Scripting (XSS)
- Cross-site Request Forgery (CSRF)
- SQL Injection (SQLi)
- XML External Entity Attacks (XXE)
- Access Control Vulnerabilities (Insecure Direct Object Reference issues, etc.)
- Path/Directory Traversal Issues
Ensure you review the out of scope and exclusions list for further details.
Accessing Statuspage
Please visit https://manage.statuspage.io/security-researcher to identify yourself as a security researcher; this will give you a free account for a month. You'll need to create an account and log in to view this page.
Scope and rewards
Reward range
| Technical severity | Reward range |
|---|---|
| P1 Critical | Up to: $3,000 |
| P2 Severe | Up to: $900 |
| P3 Moderate | Up to: $300 |
| P4 Low | Up to: $100 |
Program rules
This program follows Bugcrowd’s standard disclosure terms.
This program does not offer financial or point-based rewards for P5 — Informational findings. Learn more about Bugcrowd’s VRT.