Bug Bounties

Elastic

Powered by: 

Allows bounty splitting: 

Average time to first program response: 9

Average time to bounty awarded: 188

Average time to report resolved: 1171

Handle elastic

Managed program: true

Name: Elastic

Offers bounties: true

Offers swag: false

Response efficiency percentage: 99

Submission state: open

Url: https://hackerone.com/elastic

Website: https://www.elastic.co/

In scope:

  • Asset identifier: *.elastic-cloud.com
  • Asset type: URL
  • Availability requirement: medium
  • Confidentiality requirement: medium
  • Eligible for bounty: true
  • Eligible for submissions: true
  • Instruction: 
  • Integrity requirements: medium
  • Max severity: critical



  • Asset identifier: *.elastic.co
  • Asset type: URL
  • Availability requirement: medium
  • Confidentiality requirement: medium
  • Eligible for bounty: true
  • Eligible for submissions: true
  • Instruction: All subdomains are in scope UNLESS OTHERWISE LISTED IN OUT-OF-SCOPE. Local, or on-premise Elastic stack is also IN-scope.
  • Integrity requirements: medium
  • Max severity: critical



  • Asset identifier: *.elasticnet.co
  • Asset type: URL
  • Availability requirement: medium
  • Confidentiality requirement: medium
  • Eligible for bounty: true
  • Eligible for submissions: true
  • Instruction: 
  • Integrity requirements: medium
  • Max severity: critical



  • Asset identifier: *.elstc.co
  • Asset type: URL
  • Availability requirement: medium
  • Confidentiality requirement: medium
  • Eligible for bounty: true
  • Eligible for submissions: true
  • Instruction: 
  • Integrity requirements: medium
  • Max severity: critical



  • Asset identifier: *.eops.nl
  • Asset type: URL
  • Availability requirement: medium
  • Confidentiality requirement: medium
  • Eligible for bounty: true
  • Eligible for submissions: true
  • Instruction: 
  • Integrity requirements: medium
  • Max severity: critical



  • Asset identifier: *.found.io
  • Asset type: URL
  • Availability requirement: medium
  • Confidentiality requirement: medium
  • Eligible for bounty: true
  • Eligible for submissions: true
  • Instruction: Exfiltration of data or attacks against any customer clusters will not be eligible for rewards. Local, or on-premise Elastic stack is also in-scope. Only the latest supported versions of the Elastic Stack will be eligible for a bounty.
  • Integrity requirements: medium
  • Max severity: critical



  • Asset identifier: *.swiftype.com
  • Asset type: URL
  • Availability requirement: medium
  • Confidentiality requirement: medium
  • Eligible for bounty: true
  • Eligible for submissions: true
  • Instruction: 
  • Integrity requirements: medium
  • Max severity: critical



  • Asset identifier: All Elastic Products
  • Asset type: OTHER
  • Availability requirement: medium
  • Confidentiality requirement: medium
  • Eligible for bounty: true
  • Eligible for submissions: true
  • Instruction: Any Elastic Products (elasticsearch, kibana, endpoint, machine learning, enterprise search, etc)
  • Integrity requirements: medium
  • Max severity: critical



  • Asset identifier: Elastic Package Registry
  • Asset type: OTHER
  • Availability requirement: medium
  • Confidentiality requirement: medium
  • Eligible for bounty: true
  • Eligible for submissions: true
  • Instruction:
      - https://github.com/elastic/package-registry
      - https://epr.elastic.co/search?all
    Elastic's package registry is used to pull Elastic packages. Being able to modify our package registry is of particular interest to us.
  • Integrity requirements: medium
  • Max severity: critical



  • Asset identifier: Elastic Synthetics Monitoring
  • Asset type: OTHER
  • Availability requirement: medium
  • Confidentiality requirement: medium
  • Eligible for bounty: true
  • Eligible for submissions: true
  • Instruction: To get access, do the following steps:
      1. Create a new deployment on cloud using an account with your @wearehackerone.com email alias.
      2. Once in the deployment, go to the Observability application and pick "Uptime".
      3. Go to the Monitor Management tab.
      4. Fill out the request form.
      5. Wait 24 hours for our team to approve you.
  • Integrity requirements: medium
  • Max severity: critical



  • Asset identifier: cloud.elastic.co
  • Asset type: URL
  • Availability requirement: medium
  • Confidentiality requirement: medium
  • Eligible for bounty: true
  • Eligible for submissions: true
  • Instruction: How to test:
      1. Go to https://cloud.elastic.co/
      2. Click "Sign Up"
      3. Enter your @wearehackerone email and click "Start Free Trial" (you can create multiple trials if necessary)
      4. Find your verification email and click "Verify and Accept"
      5. Set your password
      6. Click "Start Free Trial"
    You should now be able to create an Elasticsearch deployment in any hosted infrastructure you choose. Once you create a deployment, try to find bugs! Only the latest supported versions of the Elastic Stack will be eligible for a bounty. Bugs describing missing rate limiting on cloud.elastic.co/api/v1/users/_login are out of scope: the API is rate limited but doesn't return a 429.
  • Integrity requirements: medium
  • Max severity: critical



  • Asset identifier: elastic-cloud.com
  • Asset type: URL
  • Availability requirement: medium
  • Confidentiality requirement: medium
  • Eligible for bounty: true
  • Eligible for submissions: true
  • Instruction: 
  • Integrity requirements: medium
  • Max severity: critical



  • Asset identifier: elasticsearch-ci.elastic.co
  • Asset type: URL
  • Availability requirement: medium
  • Confidentiality requirement: medium
  • Eligible for bounty: true
  • Eligible for submissions: true
  • Instruction: This includes:
      - https://apm-ci.elastic.co/
      - https://beats-ci.elastic.co/
      - https://clients-ci.elastic.co/
      - https://cloud-ci.elastic.co/
      - https://devops-ci.elastic.co/
      - https://elasticsearch-ci.elastic.co/
      - https://infra-ci.elastic.co/
      - https://internal-ci.elastic.co/
      - https://kibana-ci.elastic.co/
      - https://logstash-ci.elastic.co/
      - https://swiftype-ci.elastic.co/
    Our CI infrastructure is public on purpose, as we are an open organization. We do not accept reports of the CI instance being public; it's not an accident. We also don't build our releases with these CI instances, which helps us avoid critical findings on these systems. Some examples of reports we will accept:
      - Leaked credentials (actual leaks, not theoretical leaks because the CI is public)
      - Outdated CI instances with known vulnerabilities
      - Misconfigured CI instances that could allow an attacker to do something unexpected
  • Integrity requirements: medium
  • Max severity: critical



  • Asset identifier: https://github.com/elastic/beats
  • Asset type: SOURCE_CODE
  • Availability requirement: medium
  • Confidentiality requirement: medium
  • Eligible for bounty: true
  • Eligible for submissions: true
  • Instruction: 
  • Integrity requirements: medium
  • Max severity: critical



  • Asset identifier: https://github.com/elastic/elasticsearch
  • Asset type: SOURCE_CODE
  • Availability requirement: medium
  • Confidentiality requirement: medium
  • Eligible for bounty: true
  • Eligible for submissions: true
  • Instruction: 
  • Integrity requirements: medium
  • Max severity: critical



  • Asset identifier: https://github.com/elastic/kibana
  • Asset type: SOURCE_CODE
  • Availability requirement: medium
  • Confidentiality requirement: medium
  • Eligible for bounty: true
  • Eligible for submissions: true
  • Instruction: 
  • Integrity requirements: medium
  • Max severity: critical



  • Asset identifier: https://github.com/elastic/logstash
  • Asset type: SOURCE_CODE
  • Availability requirement: medium
  • Confidentiality requirement: medium
  • Eligible for bounty: true
  • Eligible for submissions: true
  • Instruction: 
  • Integrity requirements: medium
  • Max severity: critical



  • Asset identifier: other
  • Asset type: OTHER
  • Availability requirement: medium
  • Confidentiality requirement: medium
  • Eligible for bounty: true
  • Eligible for submissions: true
  • Instruction: If you found something that we own that is not explicitly listed as in-scope, please file it under this asset for us to investigate. We don't want our scope section to stop you from finding us vulnerabilities!
  • Integrity requirements: medium
  • Max severity: critical



  • Asset identifier: www.elastic.co
  • Asset type: URL
  • Availability requirement: medium
  • Confidentiality requirement: medium
  • Eligible for bounty: true
  • Eligible for submissions: true
  • Instruction: The main page for Elasticsearch
  • Integrity requirements: medium
  • Max severity: critical