
AndalucíaCERT Bug Bounty Program

AndalucíaCERT runs a bug bounty program to ensure the highest security and privacy of its websites. Everyone is eligible to participate in the program subject to the below-mentioned conditions and requirements of AndalucíaCERT.

Open Bug Bounty performs triage and verification of the submissions. However, we never intervene in the further process of vulnerability remediation and disclosure between AndalucíaCERT and researchers.

The bug bounty program allows private submissions only.

Bug Bounty Scope

The following websites are within the scope of the program:

*.juntadeandalucia.es

Non-Intrusive Submissions Handling

The following section encompasses submission of the vulnerabilities that do not require intrusive testing as per Open Bug Bounty rules:

- Cross Site Scripting (XSS)
- Open Redirect
- Cross Site Request Forgery (CSRF)
- Improper Access Control

General Requirements:

At AndalucíaCERT, we understand that security is essential in maintaining the trust that Andalusian people place in their Government. Although our team works vigilantly to help keep information and systems secure, we recognize the important role that security researchers play. If you are a security researcher and have discovered a security vulnerability in our website, we ask for your help in disclosing it to us in a responsible manner.

If you discover a site vulnerability, please notify us via the Open Bug Bounty website or by emailing us at atencion.cert[at]juntadeandalucia.es. We encourage you to encrypt sensitive information; please see below for our public PGP key.

Testing Requirements:

Any vulnerability reports are welcome. When reaching out to us, please include:

- A detailed summary of the issue, including a list of steps for how we can reproduce it.
- Correct contact information, such as an email address, by which we can reach you in case we need more information.

We believe that responsible disclosure involves privately notifying us of any security vulnerabilities, and allowing us appropriate time to diligently address the vulnerabilities. We appreciate these types of research activities, but will not tolerate any actions that put our users or systems at risk:

- Do not attempt to access, modify, destroy, or disclose our users' information.
- Do not attempt to deface or degrade our services.
- Do not use security scanners against our network.
- Do not violate applicable law.

Possible Awards:

There are no awards contemplated, but if you can help us then thank you for your efforts.

Special Notes:

We encourage you to encrypt sensitive information you send to us as a part of your vulnerability disclosure. You can use our PGP key to send us sensitive information via atencion.cert[at]juntadeandalucia.es.

Community Rating

Provided by security researchers who reported security vulnerabilities via this bug bounty program:

 
- Response Time: How quickly researchers get responses to their submissions.
- Remediation Time: How quickly reported submissions are fixed.
- Cooperation and Respect: How fairly and respectfully researchers are being treated.

Researcher's comments

No comments so far.
