Mapbox HackerOne


Target Policy
https://hackerone.com/mapbox?type=team
Structured Scope
  • Asset Identifier
    Asset Type
    Max Severity
  • https://www.mapbox.com/mapbox.js/

    Mapbox.js open source SDK

    SOURCE_CODE
    critical
  • https://github.com/mapbox

    Mapbox has 700+ public GitHub repositories that are within scope, though only reports that can be actively exploited on Mapbox infrastructure will be eligible for a monetary bounty.

    Submissions on assets containing the "Mapbox" name but not owned by Mapbox are not eligible for bounty.
    Some repositories in the Mapbox GitHub organization may contain experimental code and are not eligible for a bounty.

    * Please submit any open source security issues directly to HackerOne; do not open security-related issues on public GitHub repositories.
    * Please send any questions about the eligibility of an open source repository to security@mapbox.com.

    A few of our popular open-source repositories:
    [node-pre-gyp](https://github.com/mapbox/node-pre-gyp) | [carmen](https://github.com/mapbox/carmen)

    SOURCE_CODE
    critical
  • Submissions on out-of-scope assets listed below will be closed as N/A

    - `status.mapbox.com` - please instead report to the [StatusPage.io bug bounty program](https://bugcrowd.com/statuspage)
    - `email.mapbox.com`
    - [Mapbox Studio Classic](https://docs.mapbox.com/help/glossary/mapbox-studio-classic/)
    - [Tilemill](https://www.mapbox.com/tilemill/)
    - [Legacy iOS SDK](https://github.com/mapbox/mapbox-ios-sdk-legacy)
    - [Legacy Android SDK](https://github.com/mapbox/mapbox-android-sdk-legacy)
    - [decrypt-kms-env](https://github.com/mapbox/decrypt-kms-env) - not actively maintained
    - [tilelive](https://github.com/mapbox/tilelive) - not actively maintained
    - [osm-navigation-map](https://github.com/mapbox/osm-navigation-map) - deprecated

    OTHER
    none
  • api.mapbox.com

    Our APIs are the primary interface to Mapbox for many of our customers, and all actions a customer can take on their account run through them.

    URL
    critical
  • https://www.mapbox.com/mapbox-gl-js/

    Mapbox GL JS is a JavaScript library that uses WebGL to render interactive maps from vector tiles and Mapbox styles. It is part of the Mapbox GL ecosystem, which includes Mapbox Mobile, a compatible renderer written in C++ with bindings for desktop and mobile platforms.

    SOURCE_CODE
    critical
  • https://docs.mapbox.com/

    Mapbox developer documentation, which provides comprehensive guides and references for the following services:
    - [Accounts Service APIs](https://docs.mapbox.com/api/accounts/)
    - [Maps Service APIs](https://docs.mapbox.com/api/maps/)
    - [Navigation Service APIs](https://docs.mapbox.com/api/navigation/)
    - [Search Service APIs](https://docs.mapbox.com/api/search/)
    - [Ask-ai](https://docs.mapbox.com/ask-ai/)

    URL
    high
  • https://docs.mapbox.com/ios/maps/overview/

    [Maps SDK for iOS](https://docs.mapbox.com/ios/maps/overview/)

    SOURCE_CODE
    critical
  • https://docs.mapbox.com/android/

    [Maps SDK for Android](https://docs.mapbox.com/android/maps/overview/)
    [Navigation SDK for Android](https://docs.mapbox.com/android/navigation/overview/)

    SOURCE_CODE
    critical
  • geojson.io

    Geojson.io is considered deprecated and no longer maintained. The original developer has forked the code and maintains https://github.com/GeoJSON-Net/GeoJSON.Net. As such, Mapbox considers https://geojson.io to be out of scope for our security program.

    URL
    none
  • https://docs.mapbox.com/api/

    The Mapbox web services APIs allow for programmatic access to Mapbox tools and services.
    - [Accounts Service APIs](https://docs.mapbox.com/api/accounts/)
    - [Maps Service APIs](https://docs.mapbox.com/api/maps/)
    - [Navigation Service APIs](https://docs.mapbox.com/api/navigation/)
    - [Search Service APIs](https://docs.mapbox.com/api/search/)

    URL
    critical
  • www.mapbox.com

    - https://mapbox.com
    - https://studio.mapbox.com/
    - https://account.mapbox.com/
    - https://console.mapbox.com/

    URL
    critical
Target Scope Domains
  • api.mapbox.com
  • docs.mapbox.com
  • www.mapbox.com

Running Scans:
  • Fleet: allkxss
  • State: Running
  • Started: 4 months ago

Last Finished Scan:
  • Fleet: allkxss
  • State: Finished
  • Duration: 23.52 Minutes
  • Finished: 4 months ago