Moneybox Bug Bounty

Summary

Moneybox Bug Bounty seems to have a Bug Bounty or Vulnerability Disclosure program managed at YesWeHack. Our bots have reported to us that they appear to be offering rewards 💸 💰 👀.
As this page is programmatically generated, we do not guarantee the accuracy or completeness of the data and cannot be held liable for any errors or omissions. Users are advised to verify the information directly from the official sources before taking any action based on the content found on this website.

In Scope

https://api.moneyboxapp.com/
https://admin.moneyboxapp.org/
https://admin-roundups.moneyboxapp.org/
https://apps.apple.com/gb/app/moneybox-save-and-invest/id1049797239
https://play.google.com/store/apps/details?id=com.moneyboxapp
https://sycamore.moneyboxapp.org/

Out of Scope

The Moneybox public website https://www.moneyboxapp.com/ and other moneyboxapp.com / moneyboxapp.org domains not listed are out of scope.
Content served by the Cloudflare Access service (https://moneyboxapp.cloudflareaccess.com/*) is out of scope. These pages intentionally do not set a CORS Allow-Origin policy. We have seen this reported several times as a vulnerability, but it is intended behaviour and is considered out of scope.
Security concerns originating from https://moneyboxapp.onelogin.com/ are typically considered out of scope. These pages and their content are served by OneLogin, and any issues should be reported to them directly. However, if an exploit explicitly enables bypassing OneLogin to access Moneybox systems or leaking sensitive Moneybox data, it is crucial to raise the concerns with both OneLogin and Moneybox.