Bug Bounties

Rocket.Chat

Powered by: 

Allows bounty splitting: 

Average time to first program response: 7

Average time to bounty awarded null: 

Average time to report resolved: 5745

Handle rocket_chat

Managed program: false

Name: Rocket.Chat

Offers bounties: false

Offers swag: true

Response efficiency percentage: 82

Submission state: open

Url: https://hackerone.com/rocket_chat

Website: https://rocket.chat

In scope:

  • Asset identifier: https://cloud.rocket.chat/
  • Asset type: URL
  • Availability requirement: high
  • Confidentiality requirement: high
  • Eligible for bounty: 
  • Eligible for submissions: true
  • Instruction: This app is responsible for our customers SaaS management.
  • Integrity requirements: high
  • Max severity: critical



  • Asset identifier: https://github.com/RocketChat/Rocket.Chat
  • Asset type: SOURCE_CODE
  • Availability requirement: 
  • Confidentiality requirement: 
  • Eligible for bounty: 
  • Eligible for submissions: true
  • Instruction: Here is the document in how to install rocket.chat: https://www.rocket.chat/install
  • Integrity requirements: 
  • Max severity: critical



  • Asset identifier: https://github.com/RocketChat/Rocket.Chat.Electron
  • Asset type: SOURCE_CODE
  • Availability requirement: none
  • Confidentiality requirement: low
  • Eligible for bounty: 
  • Eligible for submissions: true
  • Instruction: You can build it or download from: https://www.rocket.chat/install#Apps
  • Integrity requirements: low
  • Max severity: medium



  • Asset identifier: https://github.com/RocketChat/Rocket.Chat.ReactNative
  • Asset type: SOURCE_CODE
  • Availability requirement: high
  • Confidentiality requirement: high
  • Eligible for bounty: 
  • Eligible for submissions: true
  • Instruction: 
  • Integrity requirements: high
  • Max severity: critical



  • Asset identifier: https://rocket.chat/
  • Asset type: URL
  • Availability requirement: 
  • Confidentiality requirement: 
  • Eligible for bounty: 
  • Eligible for submissions: true
  • Instruction: Today we're using a third-party company to host our rocket.chat static website but if you find anything that could compromise us based in our configuration, feel free to report.
  • Integrity requirements: 
  • Max severity: critical