Target Policy

Structured Scope

• Asset Identifier

  Asset Type

  Max Severity

• MongoDB Driver: Go

  OTHER

  critical
• MongoDB Driver: Node.js

  OTHER

  critical
• *.forums.realm.io/*

  URL

  critical
• MongoDB Driver: Python

  OTHER

  critical
• Python Driver

  OTHER

  critical
• MongoDB Driver: Rust

  OTHER

  critical
• MongoDB Driver: .NET

  OTHER

  critical
• MongoDB Driver: Ruby

  OTHER

  critical
• Kafka Connector

  OTHER

  critical
• *.cloud.mongodb.com/*

  OTHER

  critical
• mongodb.live/*

  URL

  critical
• .NET Driver

  OTHER

  critical
• Relational Migrator

  OTHER

  critical
• Spark Connector

  OTHER

  critical
• VS Code Plugin

  OTHER

  critical
• C Driver

  OTHER

  critical
• Compass

  OTHER

  critical
• Ruby Driver

  OTHER

  critical
• All Evergreen Assets (Excluding staging)

  OTHER

  critical
• MongoDB Driver: C++

  OTHER

  critical
• MongoDB Cluster-To-Cluster sync

  OTHER

  critical
• MongoDB Driver: C#

  OTHER

  critical
• Node.js Driver

  OTHER

  critical
• https://www.*mongodb.com/*

  ---

  The following domains fall under the \*.mongodb.com/\* domain:
  * \*.corp.mongodb.com/\*
  * \*.infosec.mongodb.com/\*
  * \*.marian.mongodb.com/\*
  * \*.transport.mongodb.com/\*
  * \*.students.mongodb.com/\*
  * \*.dev.mongodb.com/\*
  * \*.support.mongodb.com/\*
  * \*.compass.mongodb.com/\*
  * \*.university.mongodb.com/\*
  * \*.blog.mongodb.com/\*
  * \*.api.mongodb.com/\*

  There are domains that fall under the \*.mongodb.com/\* that are out of scope. Please refer to out of scope section

  PLEASE NOTE eligible subdomain takeover reports may be rewarded at a percentage of the severity reward payout.

  URL

  critical
• MongoDB Driver: Swift

  ---

  Please note as per https://www.mongodb.com/docs/drivers/swift/
  The Swift driver is no longer under active development as of 2022.

  OTHER

  none
• Java Driver

  OTHER

  critical
• MongoDB BI Connector

  OTHER

  critical
• MongoDB Driver: Java

  OTHER

  critical
• MongoDB Owned GitHub Repositories

  ---

  MongoDB GitHub related reports are encouraged however, eligible reports may be rewarded at a percentage of the severity reward payout.

  OTHER

  critical
• Rust Driver

  OTHER

  critical
• Cluster-To-Cluster sync

  OTHER

  critical
• C# Driver

  OTHER

  critical
• GO Driver

  OTHER

  critical
• PHP Driver

  OTHER

  critical
• C++ Driver

  OTHER

  critical
• MongoDB Driver: PHP

  OTHER

  critical
• MongoDB Kafka Connector

  OTHER

  critical
• MongoDB Realm SDKs

  OTHER

  critical
• MongoDB Spark Connector

  OTHER

  critical
• MongoDB VS Code Plugin

  OTHER

  critical
• MongoDB Relational Migrator

  OTHER

  critical
• MongoDB Server Local Instance

  OTHER

  critical
• https://*.corp.mongodb.com*

  WILDCARD

  critical
• MongoDB Compass

  OTHER

  critical
• MongoDB Shell

  OTHER

  critical
• MongoDB Driver: C

  OTHER

  critical
• artifactory.corp.mongodb.com/

  URL

  critical

Target Scope Domains

• artifactory.corp.mongodb.com
• corp.mongodb.com
• forums.realm.io
• mongodb.live
• www.mongodb.com

• 547 Subdomains
• 8 Endpoints
• Download wordlist

Last Finished Scan: