Join our Bug Bounty Program

Nebeus Bug Bounty Programme
Bonus Program - ✫
Nebeus Digital bank

Scope ...

The point of focus on the vulnerability must be on confidentiality, integrity, and traceability. The availability of the scope is not covered by this bounty (no denial of services is allowed). Only exploitable vulnerability are covered. A proof of concept must be provided regarding the vulnerability in the report.

Python, React, React Native etc... - ✫
Bounty terms
Our security team will review each committed finding and establish communication as soon as possible to reproduce and solve the reported vulnerability. Please allow 5 working days for our initial response. We ask you to make a good faith effort to avoid privacy violations, destruction of data and interruption or degradation of our service during your research.
  1. You must agree and comply to our Program rules
  2. You must not publicly disclose the vulnerability without our consentment
Your reward
cvss score
0.1 - 3.9
4.0 - 6.9
80 €
7.0 - 8.9
300 €
9.0 - 10.0
300 €

The registration process is outside of the scope of the bounty. If you want your account to be successfully created, you must provide correct information. The system will deny the registration if it detect abnormal information.

In case of problem, you can send a mail to [email protected]

Nebeus Bug Bounty Program

Out of scope

  • IaaS API
  • Social engineering of Outscale employees and contractors
  • Attack against Outscale office (malware, backdoor, DoS, …)
  • Vulnerabilities which are already publicly known or variations of such
  • Denial of service attacks
  • Vulnerabilities on other product or service than Cockpit
  • Issues in our DNS and NTP
  • Issues not leading to a confidentiality, traceability or integrity problem. You can report it to [email protected] This can help you to have a better experience and help you in your research
  • Same behavior as Amazon Web Services


  • Broken Authentication and Session Management
  • Cross Site Scripting (XSS)
  • Insecure Direct Object Reference
  • Sensitive Data Exposure
  • Security Misconfiguration
  • Missing Function Level Access Control
  • Cross Site Request Forgeries
  • Using Components With Known Vulnerabilities
  • Unvalidated Redirects and Forwards
Nebeus Bug Bounty Program
Keep in mind this is a production environment,no data alteration are allowed inside Nebeus infrastructure or on Nebeus user account, and, therefore,you mustn’t affect the availability of the platform.

To report a bug, email our security team: Chat with Development Team