Submit bug report: https://getadmiral.com/@getadmiral
Admiral provides publishers with a suite of products aimed at engaging and recovering adblock users.
No technology is perfect, and Admiral believes that working with skilled security researchers across the globe is crucial in identifying weaknesses in any technology. If you believe you've found a security issue in our product or service, we encourage you to notify us. We welcome working with you to resolve the issue promptly. Please review the following program rules before you report a vulnerability. By participating in this program, you agree to be bound by these rules.
Scopes
The following domains and applications are within the scope of this program:
*.getadmiral.com
*.levenlabs.com
JS script (provided via property's install page)
Third-party applications that are hosted on a subdomain are eligible for our program. Only severe vulnerabilities that affect our users, service, or infrastructure will be accepted for third-party applications and others will be reported/forwarded to the third-party vendor for the application.
Disclosure Policy
Let us know as soon as possible upon discovery of a potential security issue, and we'll make every effort to quickly resolve the issue.
Provide us a reasonable amount of time to resolve the issue before any disclosure to the public or a third-party.
Vulnerabilities that are exposed publicly as a part of putting together a proof of concept (e.g. website defacement, stored XSS on a public site) are not eligible for a bounty.
Make a good faith effort to avoid privacy violations, destruction of data, and interruption or degradation of our service. Only interact with accounts you own or with the explicit permission of the account holder.
Exclusions
While researching, we'd like to ask you to refrain from:
Denial of service to Admiral services or customers' services
Degrading performance or service of Admiral services or our customers' services
Spamming (even self-spamming)
Social engineering (including phishing) of any Admiral staff or contractors
Any physical attempts against Admiral or Admiral customers' property or data centers
Accessing private information of Admiral customers
Eligibility
In order to be eligible for a bounty, you must meet the following requirements:
You must be the first reporter of the vulnerability
Vulnerability must be associated with a domain or application listed above and not applicable to the above exclusions
You must not publicly disclose the vulnerability without our prior discretion
Vulnerability must have a clearly identified security impact and presented with enough information for investigation and reproduction by Admiral staff
Any vulnerabilities reported with the following criteria are not eligible for a bounty:
Affecting an ineligible scope
Bugs caused by a third-party website that our JS client is embedded on
Only affecting outdated browsers/platforms
Only affecting the executing user (self-XSS and similar)
Caused by misbehaving third-party software/website
Applicable only through social engineering
Pretense being you already have access to affected account (or user's browser)
Vulnerabilities considered by Admiral to be of low severity
Fine Print
Admiral will determine in its own discretion whether a reward should be granted and the amount of the reward. Depending on their impact, not all reported issues qualify for a monetary reward. However, all reports are reviewed on a case-by-case basis.
You must comply with all applicable laws in connection with your participation in this program. You are also responsible for any applicable taxes associated with any reward you receive.
Thank you for helping keep Admiral and our users safe!
Domains
getadmiral.com
