Author Topic: Chase Bug Bounty  (Read 7345 times)

Angelina

  • Moderator
  • Experienced Member
  • *****
  • Posts: 357
    • View Profile
Chase Bug Bounty
« on: June 09, 2023, 06:55:05 pm »
submit bug report: https://responsibledisclosure.jpmorganchase.com/hc/en-us

Responsible Disclosure Policy:
This page is for security researchers interested in reporting application security vulnerabilities.

If you have reported an issue determined to be within program scope, is determined to be a valid security issue, and you have followed program guidelines, the JPMorgan Chase Responsible Disclosure Program will recognize your finding and you will be allowed to disclose the vulnerability after a fix has been issued.


Typical Vulnerabilities Accepted:
OWASP Top 10 vulnerability categories
Other vulnerabilities with demonstrated impact


Typical Out of Scope:
Theoretical vulnerabilities
Informational disclosure of non-sensitive data
Low impact session management issues
Self XSS (user defined payload)
For a full list of program scope please visit the JPMorgan Chase Responsible Disclosure details page.


Responsible Disclosure Guidelines:
Adhere to all legal terms and conditions outlined at ResponsibleDisclosure.JPMorganChase.com
Work directly with the JPMorgan Chase Responsible Disclosure Program on vulnerability submissions
Provide detailed description of a proof of concept to detail reproduction of vulnerabilities
Do not engage in disruptive testing like DoS or any action that could impact the confidentiality, integrity or availability of information and systems
Do not engage in social engineering or phishing of customers or employees
Do not request compensation for time and materials or vulnerabilities discovered