Bug Bounties

DataStax

Powered by: 

Allows bounty splitting: 

Average time to first program response: 22

Average time to bounty awarded null: 329

Average time to report resolved: 2217

Handle: datastax

Managed program: true

Name: DataStax

Offers bounties: true

Offers swag: false

Response efficiency percentage: 91

Submission state: open

Url: https://hackerone.com/datastax

Website: https://www.datastax.com/

In scope:

  • Asset identifier: DSE, Opscenter
  • Asset type: DOWNLOADABLE_EXECUTABLES
  • Availability requirement: high
  • Confidentiality requirement: high
  • Eligible for bounty: true
  • Eligible for submissions: true
  • Instruction: Applications packaged and in scope are:
      * DataStax Enterprise (DSE) [Server, Analytics, Graph, Search]
    Vulnerabilities in scope:
      * Loss of availability, confidentiality, or integrity of the data from unauthenticated side-channel or protocol attacks on the DSE server (attacks on the native or storage ports)
      * Privilege escalation, or loss of tenancy within CQL
    Vulnerabilities out of scope:
      * JMX related vulnerabilities
      * DDOS attacks using large or high throughput payloads
  • Integrity requirements: high
  • Max severity: critical



  • Asset identifier: https://astra.datastax.com
  • Asset type: URL
  • Availability requirement: 
  • Confidentiality requirement: 
  • Eligible for bounty: true
  • Eligible for submissions: true
  • Instruction: 
  • Integrity requirements: 
  • Max severity: critical



  • Asset identifier: https://docs.datastax.com/
  • Asset type: URL
  • Availability requirement: low
  • Confidentiality requirement: low
  • Eligible for bounty: true
  • Eligible for submissions: true
  • Instruction: *Automated Scanning Prohibited*
  • Integrity requirements: high
  • Max severity: critical



  • Asset identifier: https://downloads.datastax.com
  • Asset type: URL
  • Availability requirement: medium
  • Confidentiality requirement: none
  • Eligible for bounty: true
  • Eligible for submissions: true
  • Instruction: *Automated Scanning Prohibited* Our downloads site is available to the general public. Open directory listings with read-only access are not in scope.
  • Integrity requirements: high
  • Max severity: critical



  • Asset identifier: https://www.datastax.com/
  • Asset type: URL
  • Availability requirement: high
  • Confidentiality requirement: high
  • Eligible for bounty: true
  • Eligible for submissions: true
  • Instruction: *Automated Scanning Prohibited*
  • Integrity requirements: high
  • Max severity: critical