Coda HackerOne


Target Policy
https://hackerone.com/coda_bbp?type=team
Structured Scope
  • Asset Identifier
    Asset Type
    Max Severity
  • https://staging.coda.io/*
    WILDCARD
    medium
  • https://coda.io/*
    WILDCARD
    critical
  • https://head.coda.io/*
    WILDCARD
    medium
  • https://infra.coda.io/*
    WILDCARD
    medium
  • Coda Chrome Extension

    Link: https://chrome.google.com/webstore/detail/coda-browser-extension/cdgkmagmdldlpiglliebaajdpdkigcbi?hl=en

    OTHER
    high
  • codahosted.io
    URL
    critical
  • status.coda.io
    URL
    none
  • https://shiny.ops.coda.io/*
    WILDCARD
    medium
  • io.coda

    Link: https://apps.apple.com/us/app/coda/id1397968110

    Coda's native apps make heavy use of the same endpoints and UX that's used by the mobile website. That being said, there are some differences and we invite security reports pertaining to our iOS and Android apps. Please be sure to follow the same guidelines for setting up an account in our mobile apps as on https://coda.io.

    APPLE_STORE_APP_ID
    critical
  • https://*.coda.io/*
    WILDCARD
    medium
  • https://airflow-prod.coda.io/*
    WILDCARD
    medium
  • https://airflow-prod.ops.coda.io/*
    WILDCARD
    medium
  • http://coda.io/*
    WILDCARD
    critical
  • http://airflow-prod.coda.io/*
    WILDCARD
    medium
  • http://data.coda.io/*
    WILDCARD
    medium
  • http://head.coda.io/*
    WILDCARD
    medium
  • http://infra.coda.io/*
    WILDCARD
    medium
  • http://airflow-prod.ops.coda.io/*
    WILDCARD
    medium
  • http://shiny.ops.coda.io/*
    WILDCARD
    medium
  • http://staging.coda.io/*
    WILDCARD
    medium
  • http://user-profile-prod.coda.io/*
    WILDCARD
    medium
  • http://*.coda.io/*
    WILDCARD
    medium
  • https://data.coda.io/*
    WILDCARD
    medium
  • codacontent.io
    URL
    critical
  • https://user-profile-prod.coda.io/*
    WILDCARD
    medium
  • https://user-profile-test.coda.io/*
    WILDCARD
    low
  • io.coda.codaapp

    Link: https://play.google.com/store/apps/details?id=io.coda.codaapp

    Coda's native apps make heavy use of the same endpoints and UX that's used by the mobile website. That being said, there are some differences and we invite security reports pertaining to our iOS and Android apps. Please be sure to follow the same guidelines for setting up an account in our mobile apps as on https://coda.io.

    GOOGLE_PLAY_APP_ID
    critical
  • coda.grammarly.com

    Grammarly Coda AI Editor

    URL
    critical
  • https://coda.io/signup/email

    Please use your HackerOne designated email when signing up (@wearehackerone.com), and furthermore please avoid any automated testing or brute-forcing as that may lead to your accounts or IP getting locked out and also create issues on our end.

    URL
    critical
Target Scope Domains
  • airflow-prod.coda.io
  • airflow-prod.ops.coda.io
  • coda.grammarly.com
  • coda.io
  • codacontent.io
  • codahosted.io
  • data.coda.io
  • head.coda.io
  • infra.coda.io
  • shiny.ops.coda.io
  • staging.coda.io
  • user-profile-prod.coda.io
  • user-profile-test.coda.io
Last Finished Scan:
  • Fleet: allsubs
  • Duration: 54 Seconds
  • Finished: 5 days, 10 hours ago
  • State: Finished