Bug Bounties

Smartsheet

Powered by: 

Allows bounty splitting: 

Average time to first program response: 15

Average time to bounty awarded null: 4180

Average time to report resolved: 7195

Handle smartsheet

Managed program: true

Name: Smartsheet

Offers bounties: true

Offers swag: false

Response efficiency percentage: 100

Submission state: open

Url: https://hackerone.com/smartsheet

Website: http://smartsheet.com

In scope:

  • Asset identifier: admin.smartsheet.com
  • Asset type: URL
  • Availability requirement: 
  • Confidentiality requirement: 
  • Eligible for bounty: true
  • Eligible for submissions: true
  • Instruction: Admin Center allows System Admins and Group Admins to administer and govern their Smartsheet account. Access to this endpoint requires a login for app.smartsheet.com. Additional information can be found [here](https://help.smartsheet.com/articles/2481889-admin-center-overview).
  • Integrity requirements: 
  • Max severity: critical



  • Asset identifier: app.smartsheet.com
  • Asset type: URL
  • Availability requirement: 
  • Confidentiality requirement: 
  • Eligible for bounty: true
  • Eligible for submissions: true
  • Instruction: Web interface for the Smartsheet platform. [Sign up for a non-expiring developer account using your wearehackerone.com email.](https://developers.smartsheet.com/register/) Additional accounts can be created using yourusername+whatever@wearehackerone.com Only test using @wearehackerone.com accounts [Sign into the application.](https://app.smartsheet.com/b/home) [Checkout platform features.](https://help.smartsheet.com/topics/sheet-basics) Be the first to hack our new features, by reading the [Release Notes.](https://www.smartsheet.com/release-notes)
  • Integrity requirements: 
  • Max severity: critical



  • Asset identifier: com.smartsheet.android
  • Asset type: GOOGLE_PLAY_APP_ID
  • Availability requirement: 
  • Confidentiality requirement: 
  • Eligible for bounty: true
  • Eligible for submissions: true
  • Instruction: Our Android mobile application. [Play Store Link](https://play.google.com/store/apps/details?id=com.smartsheet.android) Use your @wearehackerone.com email to sign up for Smartsheet account: https://developers.smartsheet.com/register/
  • Integrity requirements: 
  • Max severity: critical



  • Asset identifier: com.smartsheet.smartsheet
  • Asset type: APPLE_STORE_APP_ID
  • Availability requirement: 
  • Confidentiality requirement: 
  • Eligible for bounty: true
  • Eligible for submissions: true
  • Instruction: Our iOS application. [App Store Link](https://itunes.apple.com/app/smartsheet/id568421135) Use your @wearehackerone.com email to sign up for Smartsheet account: https://developers.smartsheet.com/register/
  • Integrity requirements: 
  • Max severity: critical



  • Asset identifier: developers.smartsheet.com
  • Asset type: URL
  • Availability requirement: 
  • Confidentiality requirement: 
  • Eligible for bounty: true
  • Eligible for submissions: true
  • Instruction: Portal to support developers who want to integrate with Smartsheet. Use your @wearehackerone.com email to sign up for Smartsheet account: https://developers.smartsheet.com/register/
  • Integrity requirements: 
  • Max severity: critical



  • Asset identifier: help.smartsheet.com
  • Asset type: URL
  • Availability requirement: 
  • Confidentiality requirement: 
  • Eligible for bounty: true
  • Eligible for submissions: true
  • Instruction: Where users can go to learn how to use our product.
  • Integrity requirements: 
  • Max severity: critical



  • Asset identifier: http://api.smartsheet.com/2.0
  • Asset type: URL
  • Availability requirement: 
  • Confidentiality requirement: 
  • Eligible for bounty: true
  • Eligible for submissions: true
  • Instruction: Programmatic access to the Smartsheet application. [API documentation found here.](https://smartsheet-platform.github.io/api-docs/) [How to generate API token](https://smartsheet-platform.github.io/api-docs/#authentication-and-access-tokens)
  • Integrity requirements: 
  • Max severity: critical