Powered by: Allows bounty splitting:
Average time to first program response:
Average time to bounty awarded null:
Average time to report resolved:
Handle slack
Managed program: false
Name: Slack
Offers bounties: true
Offers swag: false
Response efficiency percentage: 89
Submission state: open
Url: https://hackerone.com/slack
Website: https://slack.com
In scope: Asset identifier: *.quip.comAsset type: URLAvailability requirement: Confidentiality requirement: Eligible for bounty: trueEligible for submissions: trueInstruction: Integrity requirements: Max severity: criticalAsset identifier: 647922896Asset type: APPLE_STORE_APP_IDAvailability requirement: highConfidentiality requirement: highEligible for bounty: trueEligible for submissions: trueInstruction: itunes.apple.com/us/app/quip-docs-chat-sheets/id647922896Integrity requirements: highMax severity: criticalAsset identifier: api.slack.comAsset type: URLAvailability requirement: Confidentiality requirement: Eligible for bounty: trueEligible for submissions: trueInstruction: The Slack APIIntegrity requirements: Max severity: criticalAsset identifier: app.slack.comAsset type: URLAvailability requirement: Confidentiality requirement: Eligible for bounty: trueEligible for submissions: trueInstruction: Integrity requirements: Max severity: criticalAsset identifier: com.SlackAsset type: GOOGLE_PLAY_APP_IDAvailability requirement: Confidentiality requirement: Eligible for bounty: trueEligible for submissions: trueInstruction: Integrity requirements: Max severity: criticalAsset identifier: com.quip.quipAsset type: GOOGLE_PLAY_APP_IDAvailability requirement: Confidentiality requirement: Eligible for bounty: trueEligible for submissions: trueInstruction: https://play.google.com/store/apps/details?id=com.quip.quip&hl=en_USIntegrity requirements: Max severity: criticalAsset identifier: com.slack.slackmdmAsset type: APPLE_STORE_APP_IDAvailability requirement: Confidentiality requirement: Eligible for bounty: trueEligible for submissions: trueInstruction: Reports are accepted for vulnerabilities specific to the [Slack EMM/MDM version of the app](https://apps.apple.com/us/app/slack-for-emm/id1254292716).
EMM client vulnerabilities in the absence of a valid MDM configuration via a supported MDM provider, (such as MobileIron), on an EMM-enabled Slack team are excluded.Integrity requirements: Max severity: criticalAsset identifier: com.tinyspeck.chatlyioAsset type: APPLE_STORE_APP_IDAvailability requirement: Confidentiality requirement: Eligible for bounty: trueEligible for submissions: trueInstruction: The main Slack app is included: [Slack iOS App](https://apps.apple.com/us/app/slack/id618783545)
Other versions of the app, such as the EMM and Intune versions, are not included.Integrity requirements: Max severity: criticalAsset identifier: edgeapi.slack.comAsset type: URLAvailability requirement: Confidentiality requirement: Eligible for bounty: trueEligible for submissions: trueInstruction: Integrity requirements: Max severity: criticalAsset identifier: https://github.com/slackhq/nebulaAsset type: SOURCE_CODEAvailability requirement: Confidentiality requirement: Eligible for bounty: trueEligible for submissions: trueInstruction: Only Critical reports for this component will be accepted and paid.Integrity requirements: Max severity: criticalAsset identifier: https://salesforce.quip.com/blog/desktopAsset type: DOWNLOADABLE_EXECUTABLESAvailability requirement: highConfidentiality requirement: highEligible for bounty: trueEligible for submissions: trueInstruction: Integrity requirements: highMax severity: criticalAsset identifier: slack-imgs.comAsset type: URLAvailability requirement: highConfidentiality requirement: highEligible for bounty: trueEligible for submissions: trueInstruction: Only Critical severity reports for this domain will be accepted and paid.Integrity requirements: highMax severity: criticalAsset identifier: slack-redir.netAsset type: URLAvailability requirement: highConfidentiality requirement: highEligible for bounty: trueEligible for submissions: trueInstruction: Only Critical severity reports for this domain will be accepted and paid. Reports for open redirects are unlikely to be rewarded.Integrity requirements: highMax severity: criticalAsset identifier: slack.comAsset type: URLAvailability requirement: Confidentiality requirement: Eligible for bounty: trueEligible for submissions: trueInstruction: The slack.com site and application.Integrity requirements: Max severity: criticalAsset identifier: slackatwork.comAsset type: URLAvailability requirement: lowConfidentiality requirement: highEligible for bounty: trueEligible for submissions: trueInstruction: Only Critical severity reports for this domain will be accepted and paid.Integrity requirements: lowMax severity: criticalAsset identifier: slackb.comAsset type: URLAvailability requirement: Confidentiality requirement: Eligible for bounty: trueEligible for submissions: trueInstruction: Integrity requirements: Max severity: criticalAsset identifier: spaces.pmAsset type: URLAvailability requirement: highConfidentiality requirement: highEligible for bounty: trueEligible for submissions: trueInstruction: Only Critical severity reports for this domain will be accepted and paid.Integrity requirements: highMax severity: criticalAsset identifier: status.slack.comAsset type: URLAvailability requirement: Confidentiality requirement: Eligible for bounty: trueEligible for submissions: trueInstruction: The Slack status siteIntegrity requirements: Max severity: criticalAsset identifier: www.quip.comAsset type: URLAvailability requirement: highConfidentiality requirement: highEligible for bounty: trueEligible for submissions: trueInstruction: Integrity requirements: highMax severity: critical
