Bug Bounties

Aiven Ltd

Powered by: 

Allows bounty splitting: 

Average time to first program response: 11

Average time to bounty awarded: 173

Average time to report resolved: 1073

Handle aiven_ltd

Managed program: true

Name: Aiven Ltd

Offers bounties: true

Offers swag: true

Response efficiency percentage: 94

Submission state: open

Url: https://hackerone.com/aiven_ltd

Website: https://aiven.io

In scope:

  • Asset identifier: Aiven for Apache Cassandra managed and hosted service
  • Asset type: OTHER
  • Availability requirement: 
  • Confidentiality requirement: 
  • Eligible for bounty: true
  • Eligible for submissions: true
  • Instruction: See https://aiven.io/cassandra for details about the service. Aiven for Apache Cassandra® is a fully managed NoSQL database, deployable in the cloud of your choice. Snap it into your existing workflows with the click of a button, automate away the mundane tasks, and focus on building your core apps. Only assets in the aivencloud.com domain that are connected to services you create yourself are in scope. Services need to be linked to and owned by your own test account that you registered using the wearehackerone.com email account. Specifically, assets under the aivencloud.com domain that are linked to our customers' systems and services are off-limits and not eligible for bounty. The services can be launched via console.aiven.io or using our API at api.aiven.io.
  • Integrity requirements: 
  • Max severity: critical



  • Asset identifier: Aiven for Apache Flink (beta) managed and hosted service
  • Asset type: OTHER
  • Availability requirement: 
  • Confidentiality requirement: 
  • Eligible for bounty: true
  • Eligible for submissions: true
  • Instruction: See https://aiven.io/flink for details about the service. Apache Flink is a framework and distributed processing engine for stateful computations over unbounded and bounded data streams. It is a perfect companion to the Apache Kafka event streaming platform for reliable and scalable real-time filtering, enriching, aggregating, alerting and analysing of events. Only assets in the aivencloud.com domain that are connected to services you create yourself are in scope. Services need to be linked to and owned by your own test account that you registered using the wearehackerone.com email account. Specifically, assets under the aivencloud.com domain that are linked to our customers' systems and services are off-limits and not eligible for bounty. The services can be launched via console.aiven.io or using our API at api.aiven.io.
  • Integrity requirements: 
  • Max severity: critical



  • Asset identifier: Aiven for Apache Kafka managed and hosted service
  • Asset type: OTHER
  • Availability requirement: 
  • Confidentiality requirement: 
  • Eligible for bounty: true
  • Eligible for submissions: true
  • Instruction: See https://aiven.io/kafka for details about the service. Also in scope: Aiven for Apache Kafka Connect (https://aiven.io/kafka-connect) and Aiven for Apache Kafka MirrorMaker 2 (https://aiven.io/mirrormaker). Aiven for Apache Kafka® is a fully managed streaming platform, deployable in the cloud of your choice. Snap it into your existing workflows with the click of a button, automate away the mundane tasks, and focus on building your core apps. Only assets in the aivencloud.com domain that are connected to services you create yourself are in scope. Services need to be linked to and owned by your own test account that you registered using the wearehackerone.com email account. Specifically, assets under the aivencloud.com domain that are linked to our customers' systems and services are off-limits and not eligible for bounty. The services can be launched via console.aiven.io or using our API at api.aiven.io.
  • Integrity requirements: 
  • Max severity: critical



  • Asset identifier: Aiven for Clickhouse (beta) managed and hosted service
  • Asset type: OTHER
  • Availability requirement: 
  • Confidentiality requirement: 
  • Eligible for bounty: true
  • Eligible for submissions: true
  • Instruction: See [Developer documentation](https://developer.aiven.io/docs/products/clickhouse/index.html) for details about the service. Aiven for ClickHouse beta is powered by ClickHouse, a highly scalable, open source database that uses a column-oriented structure. ClickHouse is designed for online analytical processing (OLAP) applications, and is an ideal tool for applications such as web analytics or complex data reporting. Only assets in the aivencloud.com domain that are connected to services you create yourself are in scope. Services need to be linked to and owned by your own test account that you registered using the wearehackerone.com email account. Specifically, assets under the aivencloud.com domain that are linked to our customers' systems and services are off-limits and not eligible for bounty. The services can be launched via console.aiven.io or using our API at api.aiven.io.
  • Integrity requirements: 
  • Max severity: critical



  • Asset identifier: Aiven for Grafana managed and hosted service
  • Asset type: OTHER
  • Availability requirement: 
  • Confidentiality requirement: 
  • Eligible for bounty: true
  • Eligible for submissions: true
  • Instruction: See https://aiven.io/grafana for details about the service. Aiven for Grafana is a fully managed analytics and monitoring solution, deployable in the cloud of your choice. Snap it into your existing workflows with the click of a button, automate away the mundane tasks, and focus on building your core apps. Only assets in the aivencloud.com domain that are connected to services you create yourself are in scope. Services need to be linked to and owned by your own test account that you registered using the wearehackerone.com email account. Specifically, assets under the aivencloud.com domain that are linked to our customers' systems and services are off-limits and not eligible for bounty. The services can be launched via console.aiven.io or using our API at api.aiven.io.
  • Integrity requirements: 
  • Max severity: critical



  • Asset identifier: Aiven for InfluxDB managed and hosted service
  • Asset type: OTHER
  • Availability requirement: 
  • Confidentiality requirement: 
  • Eligible for bounty: true
  • Eligible for submissions: true
  • Instruction: See https://aiven.io/influxdb for details about the service. Aiven for InfluxDB is a fully managed time series database, deployable in the cloud of your choice. Snap it into your existing workflows with the click of a button, automate away the mundane tasks, and focus on building your core apps. Only assets in the aivencloud.com domain that are connected to services you create yourself are in scope. Services need to be linked to and owned by your own test account that you registered using the wearehackerone.com email account. Specifically, assets under the aivencloud.com domain that are linked to our customers' systems and services are off-limits and not eligible for bounty. The services can be launched via console.aiven.io or using our API at api.aiven.io.
  • Integrity requirements: 
  • Max severity: critical



  • Asset identifier: Aiven for M3 managed and hosted service
  • Asset type: OTHER
  • Availability requirement: 
  • Confidentiality requirement: 
  • Eligible for bounty: true
  • Eligible for submissions: true
  • Instruction: See https://aiven.io/m3 for details about the service. Also in scope: Aiven for M3 Aggregator (https://aiven.io/m3-aggregator). Aiven for M3 is a fully managed distributable time series database, deployable in the cloud of your choice. Bring unlimited scalability and high availability to your Prometheus monitoring environment and other time series applications. Only assets in the aivencloud.com domain that are connected to services you create yourself are in scope. Services need to be linked to and owned by your own test account that you registered using the wearehackerone.com email account. Specifically, assets under the aivencloud.com domain that are linked to our customers' systems and services are off-limits and not eligible for bounty. The services can be launched via console.aiven.io or using our API at api.aiven.io.
  • Integrity requirements: 
  • Max severity: critical



  • Asset identifier: Aiven for MySQL managed and hosted service
  • Asset type: OTHER
  • Availability requirement: 
  • Confidentiality requirement: 
  • Eligible for bounty: true
  • Eligible for submissions: true
  • Instruction: See https://aiven.io/mysql for details about the service. Aiven for MySQL is a fully managed SQL database, deployable in the cloud of your choice. Snap it into your existing workflows with the click of a button, automate away the mundane tasks, and focus on building your core apps. Only assets in the aivencloud.com domain that are connected to services you create yourself are in scope. Services need to be linked to and owned by your own test account that you registered using the wearehackerone.com email account. Specifically, assets under the aivencloud.com domain that are linked to our customers' systems and services are off-limits and not eligible for bounty. The services can be launched via console.aiven.io or using our API at api.aiven.io.
  • Integrity requirements: 
  • Max severity: critical



  • Asset identifier: Aiven for OpenSearch managed and hosted service
  • Asset type: OTHER
  • Availability requirement: 
  • Confidentiality requirement: 
  • Eligible for bounty: true
  • Eligible for submissions: true
  • Instruction: See https://aiven.io/opensearch for details about the service. Aiven for OpenSearch is a fully managed search and analytics suite forked from Elasticsearch, deployable in the cloud of your choice. Our maintenance-free solution helps you make the most of your data and focus on building your business. Only assets in the aivencloud.com domain that are connected to services you create yourself are in scope. Services need to be linked to and owned by your own test account that you registered using the wearehackerone.com email account. Specifically, assets under the aivencloud.com domain that are linked to our customers' systems and services are off-limits and not eligible for bounty. The services can be launched via console.aiven.io or using our API at api.aiven.io.
  • Integrity requirements: 
  • Max severity: critical



  • Asset identifier: Aiven for PostgreSQL managed and hosted service
  • Asset type: OTHER
  • Availability requirement: 
  • Confidentiality requirement: 
  • Eligible for bounty: true
  • Eligible for submissions: true
  • Instruction: See https://aiven.io/postgresql for details about the service. Aiven for PostgreSQL is a fully managed SQL database, deployable in the cloud of your choice. Snap it into your existing workflows with the click of a button, automate away the mundane tasks, and focus on building your core apps. Only assets in the aivencloud.com domain that are connected to services you create yourself are in scope. Services need to be linked to and owned by your own test account that you registered using the wearehackerone.com email account. Specifically, assets under the aivencloud.com domain that are linked to our customers' systems and services are off-limits and not eligible for bounty. The services can be launched via console.aiven.io or using our API at api.aiven.io.
  • Integrity requirements: 
  • Max severity: critical



  • Asset identifier: Aiven for Redis managed and hosted service
  • Asset type: OTHER
  • Availability requirement: 
  • Confidentiality requirement: 
  • Eligible for bounty: true
  • Eligible for submissions: true
  • Instruction: See https://aiven.io/redis for details about the service. Aiven for Redis™ is a fully managed in-memory NoSQL database, deployable in the cloud of your choice. Snap it into your existing workflows with the click of a button, automate away the mundane tasks, and focus on building your core apps. Only assets in the aivencloud.com domain that are connected to services you create yourself are in scope. Services need to be linked to and owned by your own test account that you registered using the wearehackerone.com email account. Specifically, assets under the aivencloud.com domain that are linked to our customers' systems and services are off-limits and not eligible for bounty. The services can be launched via console.aiven.io or using our API at api.aiven.io.
  • Integrity requirements: 
  • Max severity: critical



  • Asset identifier: aivencloud.com
  • Asset type: URL
  • Availability requirement: 
  • Confidentiality requirement: 
  • Eligible for bounty: true
  • Eligible for submissions: true
  • Instruction: Aivencloud.com is used for Aiven customer service deployments. Assets under aivencloud.com are thus only eligible for bounty if they are linked to and owned by your own test accounts and services. Specifically, assets under that domain that are linked to customer systems are off-limits and not eligible for bounty. The services can be launched via console.aiven.io or using our API at api.aiven.io.
  • Integrity requirements: 
  • Max severity: critical



  • Asset identifier: api.aiven.io
  • Asset type: URL
  • Availability requirement: 
  • Confidentiality requirement: 
  • Eligible for bounty: true
  • Eligible for submissions: true
  • Instruction: 
  • Integrity requirements: 
  • Max severity: critical



  • Asset identifier: console.aiven.io
  • Asset type: URL
  • Availability requirement: 
  • Confidentiality requirement: 
  • Eligible for bounty: true
  • Eligible for submissions: true
  • Instruction: 
  • Integrity requirements: 
  • Max severity: critical



  • Asset identifier: github.com/aiven
  • Asset type: OTHER
  • Availability requirement: 
  • Confidentiality requirement: 
  • Eligible for bounty: true
  • Eligible for submissions: true
  • Instruction: Bugs in available source code that are not security issues may not be eligible for a bounty. Accessing confidential Aiven source code or other resources, or finding valid credentials or similar secrets in publicly available source code, may be eligible for bounty. **Note that this is not permission to attack GitHub.com in any way. For any GitHub-specific vulnerabilities, please refer to the GitHub bug bounty program.**
  • Integrity requirements: 
  • Max severity: critical



  • Asset identifier: help.aiven.io
  • Asset type: URL
  • Availability requirement: 
  • Confidentiality requirement: 
  • Eligible for bounty: true
  • Eligible for submissions: true
  • Instruction: 
  • Integrity requirements: 
  • Max severity: critical



  • Asset identifier: www.aiven.io
  • Asset type: URL
  • Availability requirement: medium
  • Confidentiality requirement: low
  • Eligible for bounty: true
  • Eligible for submissions: true
  • Instruction: 
  • Integrity requirements: medium
  • Max severity: critical