Program Overview
Atlassian-Built Apps runs a bug bounty program on Bugcrowd with a maximum payout of $4,000. The program has 289 in-scope assets and is managed by Bugcrowd's triage team.
289
In-Scope Assets
$4,000
Max Payout
In-Scope Assets
| Asset | Type | Max Severity | Eligible |
|---|---|---|---|
| https://marketplace.atlassian.com/apps/1216625/jira-trello-power-up?hosting=cloud | OTHER | ||
| https://marketplace.atlassian.com/apps/1215948/jira-cloud-for-slack?hosting=cloud | OTHER | ||
| https://marketplace.atlassian.com/apps/1217230/jira-service-management-widget?hosting=cloud | OTHER | ||
| https://marketplace.atlassian.com/apps/1218864/embedded-marketplace-for-jira?hosting=cloud | OTHER | ||
| https://marketplace.atlassian.com/apps/1219451/statuspage-for-jira?hosting=cloud | OTHER | ||
| https://marketplace.atlassian.com/apps/1220711/spreadsheets-for-jira-cloud?hosting=cloud | OTHER | ||
| https://marketplace.atlassian.com/apps/1222147/opsgenie?hosting=cloud | OTHER | ||
| https://marketplace.atlassian.com/apps/1216623/confluence-trello-power-up?hosting=cloud | OTHER | ||
| https://marketplace.atlassian.com/apps/1219498/confluence-cloud-for-slack?hosting=cloud | OTHER | ||
| https://marketplace.atlassian.com/apps/1218875/embedded-marketplace-for-confluence?hosting=cloud | OTHER | ||
| https://marketplace.atlassian.com/apps/1215795/analytics-for-confluence?hosting=cloud | OTHER | ||
| https://marketplace.atlassian.com/apps/1215460/automation-for-jira-server?hosting=cloud | OTHER | ||
| https://marketplace.atlassian.com/apps/1221251/opsgenie-incident-timeline?hosting=cloud | OTHER | ||
| https://marketplace.atlassian.com/apps/1221312/opsgenie-incident-timeline-eu?hosting=cloud | OTHER | ||
| https://marketplace.atlassian.com/apps/1220666/jira-cloud-for-outlook-official?hosting=cloud | OTHER | ||
| https://marketplace.atlassian.com/apps/1221227/project-transfer-for-crucible?hosting=server | OTHER | ||
| https://marketplace.atlassian.com/apps/1225406/reconcile-unknown-attachments?hosting=server | OTHER | ||
| https://marketplace.atlassian.com/apps/1217110/training-for-jira?hosting=cloud | OTHER | ||
| https://marketplace.atlassian.com/apps/1217110/training-for-jira?hosting=datacenter | OTHER | ||
| https://marketplace.atlassian.com/apps/1217110/training-for-jira?hosting=server | OTHER | ||
| https://marketplace.atlassian.com/apps/1225406/reconcile-unknown-attachments?hosting=datacenter | OTHER | ||
| https://marketplace.atlassian.com/apps/1215175/change-management-workflow-for-jira-service-management?hosting=server | OTHER | ||
| https://marketplace.atlassian.com/apps/1225689/admin-kit-for-jira-cloud?hosting=cloud | OTHER | ||
| https://marketplace.atlassian.com/apps/1225664/form-macro-builder-for-confluence?hosting=cloud | OTHER | ||
| https://marketplace.atlassian.com/apps/1225691/admin-kit-for-confluence-cloud?hosting=cloud | OTHER | ||
| https://marketplace.atlassian.com/apps/1219592/github-for-jira?hosting=cloud | OTHER | ||
| https://marketplace.atlassian.com/apps/1226127/confluence-cloud-for-microsoft-teams?hosting=cloudhttps://marketplace.atlassian.com/apps/1226127/confluence-cloud-for-microsoft-teams?hosting=cloud | OTHER | ||
| https://marketplace.atlassian.com/apps/1211203/bitbucket-server-protect-unmerged-hook?hosting=datacenter | OTHER | ||
| https://marketplace.atlassian.com/apps/1215175/change-management-workflow-for-jira-service-management?hosting=datacenter | OTHER | ||
| https://marketplace.atlassian.com/apps/1224758/confluence-recent-edits-overview?hosting=cloud | OTHER | ||
| https://marketplace.atlassian.com/apps/1226610/bitbucket-cloud-migration-assistant?hosting=server | OTHER | ||
| https://marketplace.atlassian.com/apps/1226478/jira-cloud-for-microsoft-teams?hosting=cloud | OTHER | ||
| https://marketplace.atlassian.com/apps/1221117/cloud-compatibility-for-jira?hosting=datacenter | OTHER | ||
| https://marketplace.atlassian.com/apps/1226380/decisions-helper-for-confluence?hosting=cloud | OTHER | ||
| https://marketplace.atlassian.com/apps/1227744/jira-enterprise-scale-assessment-tool?hosting=server | OTHER | ||
| https://marketplace.atlassian.com/apps/1217745/troubleshooting-and-support-bamboo?hosting=datacenter | OTHER | ||
| https://marketplace.atlassian.com/apps/1226610/bitbucket-cloud-migration-assistant?hosting=datacenter | OTHER | ||
| https://marketplace.atlassian.com/apps/1227949/hackathon-workflow-alan?hosting=cloud | OTHER | ||
| https://marketplace.atlassian.com/apps/1227949/hackathon-workflow-alan?hosting=datacenter | OTHER | ||
| https://marketplace.atlassian.com/apps/1227901/application-tunnels?hosting=server | OTHER | ||
| https://marketplace.atlassian.com/apps/1227901/application-tunnels?hosting=datacenter | OTHER | ||
| https://marketplace.atlassian.com/apps/1228153/comms-dashboard?hosting=cloud | OTHER | ||
| https://marketplace.atlassian.com/apps/1218117/ipython-notebook-viewer?hosting=cloud | OTHER | ||
| https://marketplace.atlassian.com/apps/1228937/atlas-for-jira-cloud?hosting=cloud&tab=overview | OTHER | ||
| https://marketplace.atlassian.com/apps/1227744/jira-enterprise-scale-assessment-tool?hosting=datacenter&tab=overview | OTHER | ||
| https://marketplace.atlassian.com/apps/1229183/add-watchers-at-issue-creation?hosting=cloud | OTHER | ||
| https://marketplace.atlassian.com/apps/1212137/assets?hosting=server | OTHER | ||
| https://marketplace.atlassian.com/apps/1229446/developer-assistant-for-confluence?hosting=cloud | OTHER | ||
| https://marketplace.atlassian.com/apps/1229343/developer-assistant-for-jira?hosting=cloud | OTHER | ||
| https://marketplace.atlassian.com/apps/1229704/cloud-migration-planner?hosting=cloud | OTHER |
Showing 50 of 289 in-scope assets. View all on Bugcrowd.
Out-of-Scope Assets
- https://marketplace.atlassian.com/apps/1220442/halp-two-way-slack-integration-for-jira?hosting=cloud
- https://marketplace.atlassian.com/apps/1222365/halp-answers-for-confluence-in-slack?hosting=cloud
- https://marketplace.atlassian.com/apps/1220442/halp-two-way-slack-integration-for-jira?hosting=server
- https://trello.com/power-ups/55a5d917446f517774210011/calendar-power-up
- https://trello.com/power-ups/5c2462c384ab8949b1724a20/list-limits
- https://trello.com/power-ups/55a5d917446f517774210012/card-aging
- https://trello.com/power-ups/55a5d917446f517774210013/voting
- https://marketplace.atlassian.com (Website)
- https://trello.com/power-ups/*
Tips for Hacking Atlassian-Built Apps
- Read the policy — Understand what's in scope, out of scope, and any specific testing restrictions before you start.
- Enumerate the attack surface — Use subdomain enumeration and directory bruteforcing to map all accessible endpoints.
- Focus on high-impact bugs — Look for SQL injection, SSRF, and IDOR vulnerabilities first.
- Test authentication flows — Check for OAuth misconfigurations and CSRF in login/signup flows.
- Write clear reports — Include steps to reproduce, impact assessment, and suggested remediation. Use Burp Suite to capture evidence.
Frequently Asked Questions
How do I start hacking Atlassian-Built Apps?
Sign up on Bugcrowd, read the program policy carefully, review the in-scope assets listed above, and start testing. Always stay within scope and follow responsible disclosure guidelines.
Does Atlassian-Built Apps pay bounties?
Yes, Atlassian-Built Apps offers monetary rewards for valid security vulnerabilities.
What types of vulnerabilities does Atlassian-Built Apps accept?
Atlassian-Built Apps accepts reports for vulnerabilities found in their 289 in-scope assets. Common accepted vulnerability types include XSS, SQL injection, SSRF, IDOR, authentication bypass, and RCE. Check the program policy for specific exclusions.