Vulnerability Disclosure
At Cleeng we are extremely cautious about the security of our company's systems and applications, and we really appreciate a proactive approach to identifying and resolving security vulnerabilities.
Therefore, we invite security researchers, ethical hackers and other experts who identify security vulnerabilities in our systems to report them to us.
If you have discovered any imperfections or identified any vulnerabilities, please submit them through the designated address [email protected] and share a detailed description.
The submissions will be reviewed and validated by the Cleeng team. The impact and likelihood will be judged on a case-by-case basis and we will be happy to reward you depending on the seriousness of the vulnerability you have discovered.
Please see below for more guidance on how we judge the impact and which vulnerabilities we consider out of scope.
Examples of Vulnerabilities Impact:
High Impact:
- Remote code execution (RCE) vulnerabilities that allow an attacker to execute code on the server without authorization.
- Authentication bypass vulnerabilities that allow an attacker to bypass authentication mechanisms and gain unauthorized access to sensitive resources.
- SQL injection vulnerabilities that allow an attacker to inject malicious SQL code into a database query and manipulate or retrieve sensitive data.
Medium Impact:
- Cross-site scripting (XSS) vulnerabilities that allow an attacker to inject malicious scripts into a web page viewed by other users.
- Cross-site request forgery (CSRF) vulnerabilities that allow an attacker to forge a request to a web application that is executed in the context of an authenticated user.
- Denial-of-service (DoS) vulnerabilities that allow an attacker to overload a server or application by sending a large number of requests or exploiting a resource exhaustion issue.
Low Impact:
- Information disclosure vulnerabilities that allow an attacker to obtain sensitive information about a system or user without authorization.
- Session fixation vulnerabilities that allow an attacker to manipulate a user's session ID and gain unauthorized access to sensitive resources.
- Weak password policies that allow an attacker to guess or brute-force user passwords and gain unauthorized access to sensitive resources.
Out of Scope Vulnerabilities
The following types of vulnerabilities are considered out of scope:
- Known and registered vulnerabilities
- Low-risk exposure vulnerabilities that can be addressed in due time
- Vulnerabilities that provide specific bits of information to the internet, but do not have a security impact on the application, host, or environment
- Vulnerabilities found in Cleeng's test environments
Updated over 1 year ago