Security Disclosure Policy
This page describes how to responsibly report a vulnerability. We greatly appreciate all endeavors in helping us secure our platform.
How to report vulnerabilities:
Send an email to security@seetickets.nl describing a security issue within scope.
Domain scope:
*.nl
*.eu
*.paylogic.*
Vulnerability scope:
- high or critical severity or score (CVSS)
- potentially disruptive
- unattended exposure of sensitive data
What to report:
- description and link to the CVE if possible
- affected subdomains or FQDNs
- how to reproduce
- we are open to hearing your ideas about improvements
A team of security engineers will analyze the issue, and if it turns out to be notable, we will get back to you within a few working days.
Bug Bounty:
See Tickets currently does not offer a paid bug bounty program, however there is a discussion about implementing it.
We would like to thank and acknowledge those who invested time and effort into responsibly reporting their findings to us.
Hall of Fame:
omri.bounty@gmail.com - found a stale DNS record pointing to Amazon IP we don't use anymore enabling an attacker to potentially misuse accounts