Instruction: Issues affecting the Desktop Client available from [https://nextcloud.com/install/#install-clients](https://nextcloud.com/install/#install-clients "https://nextcloud.com/install/#install-clients")
Integrity requirements:
Max severity: critical
Asset identifier: com.nextcloud.Talk
Asset type: APPLE_STORE_APP_ID
Availability requirement: none
Confidentiality requirement: low
Eligible for bounty: true
Eligible for submissions: true
Instruction: Our official iOS Talk client from [https://itunes.apple.com/app/id1296825574](https://itunes.apple.com/app/id1296825574)
Integrity requirements: low
Max severity: medium
Asset identifier: com.nextcloud.client
Asset type: GOOGLE_PLAY_APP_ID
Availability requirement: none
Confidentiality requirement: low
Eligible for bounty: true
Eligible for submissions: true
Instruction: Our official Android client from [https://play.google.com/store/apps/details?id=com.nextcloud.client](https://play.google.com/store/apps/details?id=com.nextcloud.client "https://play.google.com/store/apps/details?id=com.nextcloud.client")
Integrity requirements: low
Max severity: medium
Asset identifier: com.nextcloud.talk2
Asset type: GOOGLE_PLAY_APP_ID
Availability requirement: none
Confidentiality requirement: low
Eligible for bounty: true
Eligible for submissions: true
Instruction: Our official Android Talk client from [https://play.google.com/store/apps/details?id=com.nextcloud.talk2](https://play.google.com/store/apps/details?id=com.nextcloud.talk2)
Instruction: Code from [https://github.com/daita/files_fulltextsearch_tesseract](https://github.com/daita/files_fulltextsearch_tesseract) – Note that some folders such as tests and so on will not be packaged. Please make sure that the referenced file is thus also existent in our final releases.
Integrity requirements:
Max severity: critical
Asset identifier: https://apps.nextcloud.com/
Asset type: URL
Availability requirement:
Confidentiality requirement:
Eligible for bounty:
Eligible for submissions: true
Instruction: Part of the Nextcloud app store which source code is available from [https://github.com/nextcloud/appstore](https://github.com/nextcloud/appstore "https://github.com/nextcloud/appstore"). Note that all apps are cryptographically signed by developers and reports thus usually don't qualify for monetary rewards as they don't affect Nextcloud instances.
Integrity requirements:
Max severity: critical
Asset identifier: https://auth.nextcloud.com
Asset type: URL
Availability requirement:
Confidentiality requirement:
Eligible for bounty:
Eligible for submissions: true
Instruction: Internally used system behind SSO. We'd like to ask you to not actively test against our production SSO server. You can find the used software at [http://www.keycloak.org/](http://www.keycloak.org/ "http://www.keycloak.org/")
Integrity requirements:
Max severity: critical
Asset identifier: https://crm.nextcloud.com
Asset type: URL
Availability requirement:
Confidentiality requirement:
Eligible for bounty:
Eligible for submissions: true
Instruction: Internally used system behind SSO. We'd like to ask you to not actively test against our production SSO server. You can find the used software at [http://www.keycloak.org/](http://www.keycloak.org/ "http://www.keycloak.org/")
Instruction: This domain serves updates to Nextcloud server and the Nextcloud desktop client.
- Client updater server:[https://github.com/nextcloud/client\_updater\_server](https://github.com/nextcloud/client_updater_server "https://github.com/nextcloud/client\_updater\_server")
- Server updater server: [https://github.com/nextcloud/updater\_server](https://github.com/nextcloud/updater_server "https://github.com/nextcloud/updater\_server")
While updates are cryptographically signed this is still a core part of Nextcloud. We thus pay out monetary rewards for issues affecting the integrity of the system. (e.g. allowing an attacker to announce malicious updates)
Integrity requirements:
Max severity: critical
Asset identifier: https://docs.nextcloud.com
Asset type: URL
Availability requirement:
Confidentiality requirement:
Eligible for bounty:
Eligible for submissions: true
Instruction: Static web server serving the generated documentation from [https://github.com/nextcloud/documentation](https://github.com/nextcloud/documentation "https://github.com/nextcloud/documentation")
Integrity requirements:
Max severity: critical
Asset identifier: https://download.nextcloud.com
Asset type: URL
Availability requirement:
Confidentiality requirement:
Eligible for bounty:
Eligible for submissions: true
Instruction: While updates and downloads are cryptographically signed this is still a core part of Nextcloud. We thus pay out monetary rewards for issues affecting the integrity of the system. (e.g. allowing an attacker replacing arbitrary files on the system)
Integrity requirements:
Max severity: critical
Asset identifier: https://help.nextcloud.com
Asset type: URL
Availability requirement:
Confidentiality requirement:
Eligible for bounty:
Eligible for submissions: true
Instruction: This asset is running Discourse, and as such reports of newly discovered vulnerabilities should be submitted to their program instead: [https://hackerone.com/discourse](https://hackerone.com/discourse "https://hackerone.com/discourse") – Please use this scope only for reporting missing security updates on our Discourse installation.
Integrity requirements:
Max severity: critical
Asset identifier: https://knowledge.nextcloud.com
Asset type: URL
Availability requirement:
Confidentiality requirement:
Eligible for bounty:
Eligible for submissions: true
Instruction: Internally used system behind SSO. We'd like to ask you to not actively test against our production SSO server. You can find the used software at [http://www.keycloak.org/](http://www.keycloak.org/ "http://www.keycloak.org/")
Integrity requirements:
Max severity: critical
Asset identifier: https://lists.nextcloud.com
Asset type: URL
Availability requirement:
Confidentiality requirement:
Eligible for bounty:
Eligible for submissions: true
Instruction: Internally used system behind SSO. We'd like to ask you to not actively test against our production SSO server. You can find the used software at [http://www.keycloak.org/](http://www.keycloak.org/ "http://www.keycloak.org/")
Integrity requirements:
Max severity: critical
Asset identifier: https://logs.nextcloud.com
Asset type: URL
Availability requirement:
Confidentiality requirement:
Eligible for bounty:
Eligible for submissions: true
Instruction: Internally used system behind SSO. We'd like to ask you to not actively test against our production SSO server. You can find the used software at [http://www.keycloak.org/](http://www.keycloak.org/ "http://www.keycloak.org/")
Integrity requirements:
Max severity: critical
Asset identifier: https://lookup.nextcloud.com
Asset type: URL
Availability requirement:
Confidentiality requirement:
Eligible for bounty:
Eligible for submissions: true
Instruction: The Nextcloud lookup server source code can be found at [https://github.com/nextcloud/lookup-server/](https://github.com/nextcloud/lookup-server/ "https://github.com/nextcloud/lookup-server/")
Instruction: The nextcloud.com website is running Wordpress and the source code of our theme and adjustments can be found at [https://github.com/nextcloud/nextcloud.com](https://github.com/nextcloud/nextcloud.com "https://github.com/nextcloud/nextcloud.com")
Integrity requirements:
Max severity: critical
Asset identifier: https://portal.nextcloud.com
Asset type: URL
Availability requirement:
Confidentiality requirement:
Eligible for bounty:
Eligible for submissions: true
Instruction: Portal with support answers by the Nextcloud support team.
Please be extremely careful when testing this server as it is used by our customers as well.
Integrity requirements:
Max severity: critical
Asset identifier: https://projects.nextcloud.com
Asset type: URL
Availability requirement:
Confidentiality requirement:
Eligible for bounty:
Eligible for submissions: true
Instruction: Internally used system behind SSO. We'd like to ask you to not actively test against our production SSO server. You can find the used software at [http://www.keycloak.org/](http://www.keycloak.org/ "http://www.keycloak.org/")
Instruction: Backend behind the push notification proxy for our mobile apps. Our push notifications are End-To-End encrypted and thus an attacker would not be able to gain access to the content of push notifications.
The push notification proxy client can be found at [https://github.com/nextcloud/notifications](https://github.com/nextcloud/notifications "https://github.com/nextcloud/notifications")
Integrity requirements:
Max severity: critical
Asset identifier: https://pushfeed.nextcloud.com
Asset type: URL
Availability requirement: low
Confidentiality requirement: none
Eligible for bounty:
Eligible for submissions: true
Instruction: pushfeed.nextcloud.com is used to push cryptographically signed announcements to administrators of all Nextcloud instances. The source code for the generation of said announcement feeds can be found at [https://github.com/nextcloud/announcer](https://github.com/nextcloud/announcer "https://github.com/nextcloud/announcer") and the client at [https://github.com/nextcloud/nextcloud\_announcements](https://github.com/nextcloud/nextcloud_announcements "https://github.com/nextcloud/nextcloud\_announcements")
Integrity requirements: none
Max severity: low
Asset identifier: https://scan.nextcloud.com/
Asset type: URL
Availability requirement:
Confidentiality requirement:
Eligible for bounty:
Eligible for submissions: true
Instruction: Runs the web interface for the software used by the Nextcloud security scanner.
Instruction: Part of the Nextcloud app store which source code is available from [https://github.com/nextcloud/appstore](https://github.com/nextcloud/appstore "https://github.com/nextcloud/appstore"). Note that all apps are cryptographically signed by developers and reports thus usually don't qualify for monetary rewards as they don't affect Nextcloud instances.
Integrity requirements:
Max severity: critical
Asset identifier: https://stats.nextcloud.com
Asset type: URL
Availability requirement:
Confidentiality requirement:
Eligible for bounty:
Eligible for submissions: true
Instruction: Internally used system behind SSO. We'd like to ask you to not actively test against our production SSO server. You can find the used software at [http://www.keycloak.org/](http://www.keycloak.org/ "http://www.keycloak.org/")
Integrity requirements:
Max severity: critical
Asset identifier: https://support.nextcloud.com
Asset type: URL
Availability requirement:
Confidentiality requirement:
Eligible for bounty:
Eligible for submissions: true
Instruction: This asset is running Zammad, and as such reports of newly discovered vulnerabilities should be submitted to them: [https://zammad.com/contact](https://zammad.com/contact "https://zammad.com/contact") – Please use this scope only for reporting missing security updates on our Zammad installation.
Please be extremely careful when testing this server as it is used by our customers as well.
Instruction: The survey server data processes and stores anonymous statistics about deployed Nextcloud instances. Source code of the server can be found at [https://github.com/nextcloud/survey\_server](https://github.com/nextcloud/survey_server "https://github.com/nextcloud/survey\_server") and source code of the client at [https://github.com/nextcloud/survey\_client](https://github.com/nextcloud/survey_client "https://github.com/nextcloud/survey\_client")
Integrity requirements:
Max severity: critical
Asset identifier: https://updates.nextcloud.com
Asset type: URL
Availability requirement: high
Confidentiality requirement: high
Eligible for bounty:
Eligible for submissions: true
Instruction: This domain serves updates to Nextcloud server and the Nextcloud desktop client.
- Client updater server:[https://github.com/nextcloud/client\_updater\_server](https://github.com/nextcloud/client_updater_server "https://github.com/nextcloud/client\_updater\_server")
- Server updater server: [https://github.com/nextcloud/updater\_server](https://github.com/nextcloud/updater_server "https://github.com/nextcloud/updater\_server")
While updates are cryptographically signed this is still a core part of Nextcloud. We thus pay out monetary rewards for issues affecting the integrity of the system. (e.g. allowing an attacker to announce malicious updates)
Instruction: Note that usercontent.apps.nextcloud.com serves potentially untrusted user content and is always setting a Content-Type of attachment. The source code for the software can be found at [https://github.com/nextcloud/usercontent.apps.nextcloud.com](https://github.com/nextcloud/usercontent.apps.nextcloud.com "https://github.com/nextcloud/usercontent.apps.nextcloud.com")
Integrity requirements:
Max severity: critical
Asset identifier: it.twsweb.Nextcloud
Asset type: APPLE_STORE_APP_ID
Availability requirement: none
Confidentiality requirement: low
Eligible for bounty: true
Eligible for submissions: true
Instruction: Our official iOS client from [https://itunes.apple.com/app/nextcloud/id1125420102](https://itunes.apple.com/app/nextcloud/id1125420102 "https://itunes.apple.com/app/nextcloud/id1125420102")
Integrity requirements: low
Max severity: medium
Asset identifier: nextcloud/3rdparty
Asset type: SOURCE_CODE
Availability requirement:
Confidentiality requirement:
Eligible for bounty: true
Eligible for submissions: true
Instruction: Code from [https://github.com/nextcloud/3rdparty](https://github.com/nextcloud/3rdparty "https://github.com/nextcloud/3rdparty") – Note that some folders such as tests and so on will not be packaged. Please make sure that the referenced file is thus also existent in our final releases.
Integrity requirements:
Max severity: critical
Asset identifier: nextcloud/activity
Asset type: SOURCE_CODE
Availability requirement:
Confidentiality requirement:
Eligible for bounty: true
Eligible for submissions: true
Instruction: Code from [https://github.com/nextcloud/activity](https://github.com/nextcloud/activity "https://github.com/nextcloud/activity") – Note that some folders such as tests and so on will not be packaged. Please make sure that the referenced file is thus also existent in our final releases.
Integrity requirements:
Max severity: critical
Asset identifier: nextcloud/approval
Asset type: SOURCE_CODE
Availability requirement:
Confidentiality requirement:
Eligible for bounty: true
Eligible for submissions: true
Instruction: Code from [https://github.com/nextcloud/approval](https://github.com/nextcloud/approval) – Note that some folders such as tests and so on will not be packaged. Please make sure that the referenced file is thus also existent in our final releases.
Integrity requirements:
Max severity: critical
Asset identifier: nextcloud/bruteforcesettings
Asset type: SOURCE_CODE
Availability requirement:
Confidentiality requirement:
Eligible for bounty: true
Eligible for submissions: true
Instruction: Code from [https://github.com/nextcloud/bruteforcesettings](https://github.com/nextcloud/bruteforcesettings) – Note that some folders such as tests and so on will not be packaged. Please make sure that the referenced file is thus also existent in our final releases.
Integrity requirements:
Max severity: critical
Asset identifier: nextcloud/calendar
Asset type: SOURCE_CODE
Availability requirement:
Confidentiality requirement:
Eligible for bounty: true
Eligible for submissions: true
Instruction: Code from [https://github.com/nextcloud/calendar](https://github.com/nextcloud/calendar) – Note that some folders such as tests and so on will not be packaged. Please make sure that the referenced file is thus also existent in our final releases.
Instruction: Code from [https://github.com/nextcloud/calendar_resource_management](https://github.com/nextcloud/calendar_resource_management) – Note that some folders such as tests and so on will not be packaged. Please make sure that the referenced file is thus also existent in our final releases.
Integrity requirements:
Max severity: critical
Asset identifier: nextcloud/circles
Asset type: SOURCE_CODE
Availability requirement:
Confidentiality requirement:
Eligible for bounty: true
Eligible for submissions: true
Instruction: Code from [https://github.com/nextcloud/circles](https://github.com/nextcloud/circles "https://github.com/nextcloud/circles") – Note that some folders such as tests and so on will not be packaged. Please make sure that the referenced file is thus also existent in our final releases.
Integrity requirements:
Max severity: critical
Asset identifier: nextcloud/contacts
Asset type: SOURCE_CODE
Availability requirement:
Confidentiality requirement:
Eligible for bounty: true
Eligible for submissions: true
Instruction: Code from [https://github.com/nextcloud/contacts](https://github.com/nextcloud/contacts) – Note that some folders such as tests and so on will not be packaged. Please make sure that the referenced file is thus also existent in our final releases.
Integrity requirements:
Max severity: critical
Asset identifier: nextcloud/data_request
Asset type: SOURCE_CODE
Availability requirement:
Confidentiality requirement:
Eligible for bounty: true
Eligible for submissions: true
Instruction: Code from [https://github.com/nextcloud/data_request](https://github.com/nextcloud/data_request) – Note that some folders such as tests and so on will not be packaged. Please make sure that the referenced file is thus also existent in our final releases.
Integrity requirements:
Max severity: critical
Asset identifier: nextcloud/deck
Asset type: SOURCE_CODE
Availability requirement:
Confidentiality requirement:
Eligible for bounty: true
Eligible for submissions: true
Instruction: Code from [https://github.com/nextcloud/deck](https://github.com/nextcloud/deck "https://github.com/nextcloud/deck") – Note that some folders such as tests and so on will not be packaged. Please make sure that the referenced file is thus also existent in our final releases.
Integrity requirements:
Max severity: critical
Asset identifier: nextcloud/end_to_end_encryption
Asset type: SOURCE_CODE
Availability requirement: high
Confidentiality requirement: high
Eligible for bounty: true
Eligible for submissions: true
Instruction: Code from [https://github.com/nextcloud/end_to_end_encryption](https://github.com/nextcloud/end_to_end_encryption "https://github.com/nextcloud/end_to_end_encryption") – Note that some folders such as tests and so on will not be packaged. Please make sure that the referenced file is thus also existent in our final releases.
Integrity requirements: high
Max severity: critical
Asset identifier: nextcloud/external
Asset type: SOURCE_CODE
Availability requirement:
Confidentiality requirement:
Eligible for bounty: true
Eligible for submissions: true
Instruction: Code from [https://github.com/nextcloud/external](https://github.com/nextcloud/external) – Note that some folders such as tests and so on will not be packaged. Please make sure that the referenced file is thus also existent in our final releases.
Integrity requirements:
Max severity: critical
Asset identifier: nextcloud/files_accesscontrol
Asset type: SOURCE_CODE
Availability requirement:
Confidentiality requirement:
Eligible for bounty: true
Eligible for submissions: true
Instruction: Code from [https://github.com/nextcloud/files\_accesscontrol](https://github.com/nextcloud/files_accesscontrol "https://github.com/nextcloud/files\_accesscontrol") – Note that some folders such as tests and so on will not be packaged. Please make sure that the referenced file is thus also existent in our final releases.
Integrity requirements:
Max severity: critical
Asset identifier: nextcloud/files_antivirus
Asset type: SOURCE_CODE
Availability requirement:
Confidentiality requirement:
Eligible for bounty: true
Eligible for submissions: true
Instruction: Code from [https://github.com/nextcloud/files_antivirus](https://github.com/nextcloud/files_antivirus) – Note that some folders such as tests and so on will not be packaged. Please make sure that the referenced file is thus also existent in our final releases.
Instruction: Code from [https://github.com/nextcloud/files\_automatedtagging](https://github.com/nextcloud/files_automatedtagging "https://github.com/nextcloud/files\_automatedtagging") – Note that some folders such as tests and so on will not be packaged. Please make sure that the referenced file is thus also existent in our final releases.
Integrity requirements:
Max severity: critical
Asset identifier: nextcloud/files_fulltextsearch
Asset type: SOURCE_CODE
Availability requirement:
Confidentiality requirement:
Eligible for bounty: true
Eligible for submissions: true
Instruction: Code from [https://github.com/nextcloud/files_fulltextsearch](https://github.com/nextcloud/files_fulltextsearch) – Note that some folders such as tests and so on will not be packaged. Please make sure that the referenced file is thus also existent in our final releases.
Integrity requirements:
Max severity: critical
Asset identifier: nextcloud/files_lock
Asset type: SOURCE_CODE
Availability requirement:
Confidentiality requirement:
Eligible for bounty: true
Eligible for submissions: true
Instruction: Code from [https://github.com/nextcloud/files_lock](https://github.com/nextcloud/files_lock) – Note that some folders such as tests and so on will not be packaged. Please make sure that the referenced file is thus also existent in our final releases.
Integrity requirements:
Max severity: critical
Asset identifier: nextcloud/files_pdfviewer
Asset type: SOURCE_CODE
Availability requirement:
Confidentiality requirement:
Eligible for bounty: true
Eligible for submissions: true
Instruction: Code from [https://github.com/nextcloud/files\_pdfviewer](https://github.com/nextcloud/files_pdfviewer "https://github.com/nextcloud/files\_pdfviewer") – Note that some folders such as tests and so on will not be packaged. Please make sure that the referenced file is thus also existent in our final releases.
Integrity requirements:
Max severity: critical
Asset identifier: nextcloud/files_retention
Asset type: SOURCE_CODE
Availability requirement:
Confidentiality requirement:
Eligible for bounty: true
Eligible for submissions: true
Instruction: Code from [https://github.com/nextcloud/files\_retention](https://github.com/nextcloud/files_retention "https://github.com/nextcloud/files\_retention") – Note that some folders such as tests and so on will not be packaged. Please make sure that the referenced file is thus also existent in our final releases.
Integrity requirements:
Max severity: critical
Asset identifier: nextcloud/files_rightclick
Asset type: SOURCE_CODE
Availability requirement:
Confidentiality requirement:
Eligible for bounty: true
Eligible for submissions: true
Instruction: Code from [https://github.com/nextcloud/files_rightclick](https://github.com/nextcloud/files_rightclick "https://github.com/nextcloud/files_rightclick") – Note that some folders such as tests and so on will not be packaged. Please make sure that the referenced file is thus also existent in our final releases.
Integrity requirements:
Max severity: critical
Asset identifier: nextcloud/files_texteditor
Asset type: SOURCE_CODE
Availability requirement:
Confidentiality requirement:
Eligible for bounty: true
Eligible for submissions: true
Instruction: Code from [https://github.com/nextcloud/files\_texteditor](https://github.com/nextcloud/files_texteditor "https://github.com/nextcloud/files\_texteditor") – Note that some folders such as tests and so on will not be packaged. Please make sure that the referenced file is thus also existent in our final releases.
Integrity requirements:
Max severity: critical
Asset identifier: nextcloud/firstrunwizard
Asset type: SOURCE_CODE
Availability requirement:
Confidentiality requirement:
Eligible for bounty: true
Eligible for submissions: true
Instruction: Code from [https://github.com/nextcloud/firstrunwizard](https://github.com/nextcloud/firstrunwizard "https://github.com/nextcloud/firstrunwizard") – Note that some folders such as tests and so on will not be packaged. Please make sure that the referenced file is thus also existent in our final releases.
Integrity requirements:
Max severity: critical
Asset identifier: nextcloud/flow_notifications
Asset type: SOURCE_CODE
Availability requirement:
Confidentiality requirement:
Eligible for bounty: true
Eligible for submissions: true
Instruction: Code from [https://github.com/nextcloud/flow_notifications](https://github.com/nextcloud/flow_notifications) – Note that some folders such as tests and so on will not be packaged. Please make sure that the referenced file is thus also existent in our final releases.
Integrity requirements:
Max severity: critical
Asset identifier: nextcloud/fulltextsearch
Asset type: SOURCE_CODE
Availability requirement:
Confidentiality requirement:
Eligible for bounty: true
Eligible for submissions: true
Instruction: Code from [https://github.com/nextcloud/fulltextsearch](https://github.com/nextcloud/fulltextsearch) – Note that some folders such as tests and so on will not be packaged. Please make sure that the referenced file is thus also existent in our final releases.
Instruction: Code from [https://github.com/nextcloud/fulltextsearch_elasticsearch](https://github.com/nextcloud/fulltextsearch_elasticsearch) – Note that some folders such as tests and so on will not be packaged. Please make sure that the referenced file is thus also existent in our final releases.
Integrity requirements:
Max severity: critical
Asset identifier: nextcloud/globalsiteselector
Asset type: SOURCE_CODE
Availability requirement:
Confidentiality requirement:
Eligible for bounty: true
Eligible for submissions: true
Instruction: Code from [https://github.com/nextcloud/globalsiteselector](https://github.com/nextcloud/globalsiteselector) – Note that some folders such as tests and so on will not be packaged. Please make sure that the referenced file is thus also existent in our final releases.
Integrity requirements:
Max severity: critical
Asset identifier: nextcloud/groupfolders
Asset type: SOURCE_CODE
Availability requirement:
Confidentiality requirement:
Eligible for bounty: true
Eligible for submissions: true
Instruction: Code from [https://github.com/nextcloud/groupfolders](https://github.com/nextcloud/groupfolders) – Note that some folders such as tests and so on will not be packaged. Please make sure that the referenced file is thus also existent in our final releases.
Integrity requirements:
Max severity: critical
Asset identifier: nextcloud/guests
Asset type: SOURCE_CODE
Availability requirement:
Confidentiality requirement:
Eligible for bounty: true
Eligible for submissions: true
Instruction: Code from [https://github.com/nextcloud/guests](https://github.com/nextcloud/guests) – Note that some folders such as tests and so on will not be packaged. Please make sure that the referenced file is thus also existent in our final releases.
Integrity requirements:
Max severity: critical
Asset identifier: nextcloud/logreader
Asset type: SOURCE_CODE
Availability requirement:
Confidentiality requirement:
Eligible for bounty: true
Eligible for submissions: true
Instruction: Code from [https://github.com/nextcloud/logreader](https://github.com/nextcloud/logreader "https://github.com/nextcloud/logreader") – Note that some folders such as tests and so on will not be packaged. Please make sure that the referenced file is thus also existent in our final releases.
Integrity requirements:
Max severity: critical
Asset identifier: nextcloud/mail
Asset type: SOURCE_CODE
Availability requirement:
Confidentiality requirement:
Eligible for bounty: true
Eligible for submissions: true
Instruction: Code from [https://github.com/nextcloud/mail](https://github.com/nextcloud/mail "https://github.com/nextcloud/mail") – Note that some folders such as tests and so on will not be packaged. Please make sure that the referenced file is thus also existent in our final releases.
Instruction: Code from [https://github.com/nextcloud/nextcloud\_announcements](https://github.com/nextcloud/nextcloud_announcements "https://github.com/nextcloud/nextcloud\_announcements") – Note that some folders such as tests and so on will not be packaged. Please make sure that the referenced file is thus also existent in our final releases.
Integrity requirements:
Max severity: critical
Asset identifier: nextcloud/notifications
Asset type: SOURCE_CODE
Availability requirement:
Confidentiality requirement:
Eligible for bounty: true
Eligible for submissions: true
Instruction: Code from [https://github.com/nextcloud/notifications](https://github.com/nextcloud/notifications "https://github.com/nextcloud/notifications") – Note that some folders such as tests and so on will not be packaged. Please make sure that the referenced file is thus also existent in our final releases.
Integrity requirements:
Max severity: critical
Asset identifier: nextcloud/notify_push
Asset type: SOURCE_CODE
Availability requirement:
Confidentiality requirement:
Eligible for bounty: true
Eligible for submissions: true
Instruction: Code from [https://github.com/nextcloud/notify_push](https://github.com/nextcloud/notify_push) – Note that some folders such as tests and so on will not be packaged. Please make sure that the referenced file is thus also existent in our final releases.
Integrity requirements:
Max severity: critical
Asset identifier: nextcloud/onlyoffice
Asset type: SOURCE_CODE
Availability requirement:
Confidentiality requirement:
Eligible for bounty: true
Eligible for submissions: true
Instruction: Code from [https://github.com/ONLYOFFICE/onlyoffice-nextcloud](https://github.com/ONLYOFFICE/onlyoffice-nextcloud) – Note that some folders such as tests and so on will not be packaged. Please make sure that the referenced file is thus also existent in our final releases.
**Note:** We only issue monetary awards for issue in our own code base. For any bugs within ONLYOFFICE, please contact [ONLYOFFICE](https://www.onlyoffice.com/support-contact-form.aspx).
Integrity requirements:
Max severity: critical
Asset identifier: nextcloud/password_policy
Asset type: SOURCE_CODE
Availability requirement:
Confidentiality requirement:
Eligible for bounty: true
Eligible for submissions: true
Instruction: Code from [https://github.com/nextcloud/password\_policy](https://github.com/nextcloud/password_policy "https://github.com/nextcloud/password\_policy") – Note that some folders such as tests and so on will not be packaged. Please make sure that the referenced file is thus also existent in our final releases.
Integrity requirements:
Max severity: critical
Asset identifier: nextcloud/photos
Asset type: SOURCE_CODE
Availability requirement: high
Confidentiality requirement: high
Eligible for bounty: true
Eligible for submissions: true
Instruction: Code from [https://github.com/nextcloud/photos](https://github.com/nextcloud/photos "https://github.com/nextcloud/photos") – Note that some folders such as tests and so on will not be packaged. Please make sure that the referenced file is thus also existent in our final releases.
Integrity requirements: high
Max severity: critical
Asset identifier: nextcloud/preferred_providers
Asset type: SOURCE_CODE
Availability requirement:
Confidentiality requirement:
Eligible for bounty:
Eligible for submissions: true
Instruction: Code from [https://github.com/nextcloud/preferred_providers](https://github.com/nextcloud/preferred_providers) – Note that some folders such as tests and so on will not be packaged. Please make sure that the referenced file is thus also existent in our final releases.
Integrity requirements:
Max severity: critical
Asset identifier: nextcloud/privacy
Asset type: SOURCE_CODE
Availability requirement:
Confidentiality requirement:
Eligible for bounty: true
Eligible for submissions: true
Instruction: Code from [https://github.com/nextcloud/privacy](https://github.com/nextcloud/privacy "https://github.com/nextcloud/privacy") – Note that some folders such as tests and so on will not be packaged. Please make sure that the referenced file is thus also existent in our final releases.
Integrity requirements:
Max severity: critical
Asset identifier: nextcloud/recommendations
Asset type: SOURCE_CODE
Availability requirement:
Confidentiality requirement:
Eligible for bounty: true
Eligible for submissions: true
Instruction: Code from [https://github.com/nextcloud/recommendations](https://github.com/nextcloud/recommendations "https://github.com/nextcloud/recommendations") – Note that some folders such as tests and so on will not be packaged. Please make sure that the referenced file is thus also existent in our final releases.
Integrity requirements:
Max severity: critical
Asset identifier: nextcloud/related_resources
Asset type: SOURCE_CODE
Availability requirement:
Confidentiality requirement:
Eligible for bounty: true
Eligible for submissions: true
Instruction: Code from [https://github.com/nextcloud/related_resources](https://github.com/nextcloud/related_resources) – Note that some folders such as tests and so on will not be packaged. Please make sure that the referenced file is thus also existent in our final releases.
Integrity requirements:
Max severity: critical
Asset identifier: nextcloud/richdocuments
Asset type: SOURCE_CODE
Availability requirement:
Confidentiality requirement:
Eligible for bounty: true
Eligible for submissions: true
Instruction: Code from [https://github.com/nextcloud/richdocuments](https://github.com/nextcloud/richdocuments) – Note that some folders such as tests and so on will not be packaged. Please make sure that the referenced file is thus also existent in our final releases.
**Note:** We only issue monetary awards for issue in our own code base. For any bugs within Collabora Online, please contact [Collabora](https://www.collaboraoffice.com/about-us/).
Integrity requirements:
Max severity: critical
Asset identifier: nextcloud/server
Asset type: SOURCE_CODE
Availability requirement:
Confidentiality requirement:
Eligible for bounty: true
Eligible for submissions: true
Instruction: Code from [https://github.com/nextcloud/server](https://github.com/nextcloud/server "https://github.com/nextcloud/server") – Note that some folders such as tests and so on will not be packaged. Please make sure that the referenced file is thus also existent in our final releases.
Integrity requirements:
Max severity: critical
Asset identifier: nextcloud/serverinfo
Asset type: SOURCE_CODE
Availability requirement:
Confidentiality requirement:
Eligible for bounty: true
Eligible for submissions: true
Instruction: Code from [https://github.com/nextcloud/serverinfo](https://github.com/nextcloud/serverinfo "https://github.com/nextcloud/serverinfo") – Note that some folders such as tests and so on will not be packaged. Please make sure that the referenced file is thus also existent in our final releases.
Integrity requirements:
Max severity: critical
Asset identifier: nextcloud/sharepoint
Asset type: SOURCE_CODE
Availability requirement:
Confidentiality requirement:
Eligible for bounty: true
Eligible for submissions: true
Instruction: Code from [https://github.com/nextcloud/sharepoint](https://github.com/nextcloud/sharepoint) – Note that some folders such as tests and so on will not be packaged. Please make sure that the referenced file is thus also existent in our final releases.
Integrity requirements:
Max severity: critical
Asset identifier: nextcloud/socialsharing
Asset type: SOURCE_CODE
Availability requirement:
Confidentiality requirement:
Eligible for bounty: true
Eligible for submissions: true
Instruction: Code from [https://github.com/nextcloud/socialsharing](https://github.com/nextcloud/socialsharing) – Note that some folders such as tests and so on will not be packaged. Please make sure that the referenced file is thus also existent in our final releases.
Integrity requirements:
Max severity: critical
Asset identifier: nextcloud/spreed
Asset type: SOURCE_CODE
Availability requirement: medium
Confidentiality requirement: high
Eligible for bounty: true
Eligible for submissions: true
Instruction: Code from [https://github.com/nextcloud/spreed](https://github.com/nextcloud/spreed) – Note that some folders such as tests and so on will not be packaged. Please make sure that the referenced file is thus also existent in our final releases.
Integrity requirements: high
Max severity: critical
Asset identifier: nextcloud/survey_client
Asset type: SOURCE_CODE
Availability requirement:
Confidentiality requirement:
Eligible for bounty: true
Eligible for submissions: true
Instruction: Code from [https://github.com/nextcloud/survey\_client](https://github.com/nextcloud/survey_client "https://github.com/nextcloud/survey\_client") – Note that some folders such as tests and so on will not be packaged. Please make sure that the referenced file is thus also existent in our final releases.
Integrity requirements:
Max severity: critical
Asset identifier: nextcloud/suspicious_login
Asset type: SOURCE_CODE
Availability requirement:
Confidentiality requirement:
Eligible for bounty: true
Eligible for submissions: true
Instruction: Code from [https://github.com/nextcloud/suspicious_login](https://github.com/nextcloud/suspicious_login) – Note that some folders such as tests and so on will not be packaged. Please make sure that the referenced file is thus also existent in our final releases.
Integrity requirements:
Max severity: critical
Asset identifier: nextcloud/terms_of_service
Asset type: SOURCE_CODE
Availability requirement:
Confidentiality requirement:
Eligible for bounty: true
Eligible for submissions: true
Instruction: Code from [https://github.com/nextcloud/terms_of_service](https://github.com/nextcloud/terms_of_service) – Note that some folders such as tests and so on will not be packaged. Please make sure that the referenced file is thus also existent in our final releases.
Integrity requirements:
Max severity: critical
Asset identifier: nextcloud/text
Asset type: SOURCE_CODE
Availability requirement:
Confidentiality requirement:
Eligible for bounty: true
Eligible for submissions: true
Instruction: Code from [https://github.com/nextcloud/text](https://github.com/nextcloud/text "https://github.com/nextcloud/text") – Note that some folders such as tests and so on will not be packaged. Please make sure that the referenced file is thus also existent in our final releases.
Integrity requirements:
Max severity: critical
Asset identifier: nextcloud/twofactor_totp
Asset type: SOURCE_CODE
Availability requirement:
Confidentiality requirement:
Eligible for bounty: true
Eligible for submissions: true
Instruction: Code from [https://github.com/nextcloud/twofactor_totp](https://github.com/nextcloud/twofactor_totp) – Note that some folders such as tests and so on will not be packaged. Please make sure that the referenced file is thus also existent in our final releases.
Integrity requirements:
Max severity: critical
Asset identifier: nextcloud/twofactor_webauthn
Asset type: SOURCE_CODE
Availability requirement:
Confidentiality requirement:
Eligible for bounty: true
Eligible for submissions: true
Instruction: Code from [https://github.com/nextcloud/twofactor_webauthn](https://github.com/nextcloud/twofactor_webauthn) – Note that some folders such as tests and so on will not be packaged. Please make sure that the referenced file is thus also existent in our final releases.
Integrity requirements:
Max severity: critical
Asset identifier: nextcloud/updater
Asset type: SOURCE_CODE
Availability requirement:
Confidentiality requirement:
Eligible for bounty: true
Eligible for submissions: true
Instruction: Code from [https://github.com/nextcloud/updater](https://github.com/nextcloud/updater "https://github.com/nextcloud/updater") – Note that some folders such as tests and so on will not be packaged. Please make sure that the referenced file is thus also existent in our final releases.
Integrity requirements:
Max severity: critical
Asset identifier: nextcloud/user_migration
Asset type: SOURCE_CODE
Availability requirement:
Confidentiality requirement:
Eligible for bounty: true
Eligible for submissions: true
Instruction: Code from [https://github.com/nextcloud/user_migration](https://github.com/nextcloud/user_migration) – Note that some folders such as tests and so on will not be packaged. Please make sure that the referenced file is thus also existent in our final releases.
Integrity requirements:
Max severity: critical
Asset identifier: nextcloud/user_oidc
Asset type: SOURCE_CODE
Availability requirement:
Confidentiality requirement:
Eligible for bounty: true
Eligible for submissions: true
Instruction: Code from [https://github.com/nextcloud/user_oidc](https://github.com/nextcloud/user_oidc) – Note that some folders such as tests and so on will not be packaged. Please make sure that the referenced file is thus also existent in our final releases.
Integrity requirements:
Max severity: critical
Asset identifier: nextcloud/user_saml
Asset type: SOURCE_CODE
Availability requirement:
Confidentiality requirement:
Eligible for bounty: true
Eligible for submissions: true
Instruction: Code from [https://github.com/nextcloud/user\_saml](https://github.com/nextcloud/user_saml "https://github.com/nextcloud/user\_saml") – Note that some folders such as tests and so on will not be packaged. Please make sure that the referenced file is thus also existent in our final releases.
Integrity requirements:
Max severity: critical
Asset identifier: nextcloud/viewer
Asset type: SOURCE_CODE
Availability requirement:
Confidentiality requirement:
Eligible for bounty: true
Eligible for submissions: true
Instruction: Code from [https://github.com/nextcloud/viewer](https://github.com/nextcloud/viewer "https://github.com/nextcloud/viewer") – Note that some folders such as tests and so on will not be packaged. Please make sure that the referenced file is thus also existent in our final releases.
Integrity requirements:
Max severity: critical
Asset identifier: nextcloud/workflow_script
Asset type: SOURCE_CODE
Availability requirement:
Confidentiality requirement:
Eligible for bounty: true
Eligible for submissions: true
Instruction: Code from [https://github.com/nextcloud/workflow_script](https://github.com/nextcloud/workflow_script) – Note that some folders such as tests and so on will not be packaged. Please make sure that the referenced file is thus also existent in our final releases.
