4251cf3bb29fffb7cc9e3ebb893c344c5202406f default

CloudFlare Vulnerability Disclosure Policy

We take security, trust, and transparency seriously. CloudFlare appreciates the work of security researchers and has developed a program to make it easier to report vulnerabilities to CloudFlare and to recognize you for your effort to make the Internet a better place. This policy provides our guidelines for reporting vulnerabilities to CloudFlare.

If you believe you have found a security vulnerability that could impact CloudFlare or our users, we encourage you to let us know right away. We will investigate all legitimate reports and do our best to quickly fix the problem. We ask that you follow CloudFlare's Vulnerability Disclosure Policy and HackerOne's Disclosure Guidelines and make a good faith effort to avoid privacy violations, destruction of data and interruption or degradation of our service during your research.

Scope

Any web properties owned by CloudFlare are in scope for the program. Including:

  • *.cloudflare.com

Vulnerabilities for StopTheHacker should be reported at https://hackerone.com/stopthehacker.

CloudFlare customer sites are out of scope for our Vulnerability Disclosure program.

If you are a customer and have a password or account issue, please contact CloudFlare support. For abuse issues or law enforcement inquiries, please review our Abuse policy.

Eligibility and Disclosure

In order for your submission to be eligible:

  • You must agree to our Vulnerability Disclosure Policy.
  • You must be the first person to responsibly disclose an unknown issue.

All legitimate reports will be reviewed and assessed by CloudFlare's security team to determine if it is eligible.

As mentioned in our Privacy and Security Policy, CloudFlare's website and services are not intended for, or designed to attract, individuals under the age of 18. Due to the Children's Online Privacy Protection Act (COPPA), we cannot accept submissions from children under the age of 13. Reporters under the age of 18 will not be eligible to receive CloudFlare service rewards. We will find another way to recognize your effort.

Rewards

For each eligible vulnerability report, the reporter will receive:

  • Recognition on our Hall of Fame.
  • A limited edition CloudFlare bug hunter t-shirt. CloudFlare employees don't even have this shirt. It's only for you all. Wear it with pride: you're part of an exclusive group.
  • 12 months of CloudFlare's Pro or 1 month of Business service on us.

Monetary compensation is not offered under the program.

Exclusions

The following conditions are out of scope for the vulnerability disclosure program. Any of the activities below will result in disqualification from the program permanently.

  • Physical attacks against CloudFlare employees, offices, and data centers.
  • Social engineering of CloudFlare employees, contractors, vendors, or service providers.
  • Knowingly posting, transmitting, uploading, linking to, or sending any malware.
  • Pursuing vulnerabilities which send unsolicited bulk messages (spam) or unauthorized messages.
  • Any vulnerability obtained through the compromise of a CloudFlare customer or employee accounts. If you need to test a vulnerability, please create a free account.
  • Being an individual on, or residing in any country on, any U.S. sanctions lists.
Now
CloudFlare rewarded max with swag.
19 days ago
CloudFlare resolved a bug that was submitted by max.
19 days ago
CloudFlare rewarded pentagramz with swag.
23 days ago
CloudFlare resolved a bug that was submitted by anshuman_bh.
24 days ago
CloudFlare resolved a bug that was submitted by pentagramz.
24 days ago
CloudFlare rewarded filedescriptor with swag.
25 days ago
CloudFlare resolved a bug that was submitted by filedescriptor.
25 days ago
CloudFlare resolved a bug that was submitted by niwasaki.
About 2 months ago
CloudFlare resolved a bug that was submitted by robin031.
About 2 months ago
CloudFlare resolved a bug that was submitted by n0de.
About 2 months ago
CloudFlare resolved a bug that was submitted by yashpandya.
About 2 months ago
CloudFlare resolved a bug that was submitted by mohammed-fayez.
3 months ago
CloudFlare resolved a bug that was submitted by ikki.
3 months ago
CloudFlare resolved a bug that was submitted by ddworken.
3 months ago
CloudFlare resolved a bug that was submitted by weavertheme.
3 months ago
CloudFlare resolved a bug that was submitted by jitendra.
5 months ago
CloudFlare resolved a bug that was submitted by czetter.
6 months ago
CloudFlare resolved a bug that was submitted by dotspoted.
9 months ago
CloudFlare resolved a bug that was submitted by marzouki.
10 months ago
CloudFlare resolved a bug that was submitted by etmsys.
10 months ago
CloudFlare resolved a bug that was submitted by jimaek.
11 months ago
CloudFlare resolved a bug that was submitted by shahmeer_amir.
11 months ago
CloudFlare resolved a bug that was submitted by donb.
11 months ago
CloudFlare resolved a bug that was submitted by ng1.
11 months ago
CloudFlare resolved User's data leak that was submitted by sergeybelove.
12 months ago
CloudFlare resolved a bug that was submitted by haiderm.
12 months ago
CloudFlare resolved a bug that was submitted by vineet.
About 1 year ago
CloudFlare resolved a bug that was submitted by occupe.
About 1 year ago
CloudFlare resolved a bug that was submitted by thoros.
About 1 year ago
CloudFlare resolved a bug that was submitted by krutarth.
About 1 year ago
CloudFlare resolved a bug that was submitted by vineet.
Updated About 1 year ago
CloudFlare resolved a bug that was submitted by bigbear.
About 1 year ago
CloudFlare resolved a bug that was submitted by coolsidx.
About 1 year ago
CloudFlare resolved a bug that was submitted by szgru.
About 1 year ago
CloudFlare resolved a bug that was submitted by fransrosen.
About 1 year ago
CloudFlare resolved a bug that was submitted by testalways.
About 1 year ago
CloudFlare resolved a bug that was submitted by neal.
About 1 year ago
CloudFlare resolved a bug that was submitted by gizmo.
About 1 year ago
CloudFlare resolved a bug that was submitted by neal.
About 1 year ago
CloudFlare resolved a bug that was submitted by introvertmac.
About 1 year ago
CloudFlare resolved a bug that was submitted by neal.
About 1 year ago
CloudFlare resolved a bug that was submitted by ankitbharathan.
About 1 year ago
  • 82
    Hackers thanked
  • 65
    Bugs closed