Responsible Disclosure
At Mintlify, we care deeply about the safety and security of our customers' data. We greatly value input from our community that can help us detect vulnerabilities in our product and services.
How to report an issue
If you have discovered an issue or vulnerability that is in-scope (see below), please send an email to security@mintlify.com with the following details.
- A summary of the vulnerability and potential impact
- Steps to reproduce the issue, including screenshots
- Details of your environment including OS, browser, and device details
- If possible, proof-of-concept code to exploit the vulnerability
Upon receiving your email, our team will conduct an investigation. We will update you on our progress, and may request further details if needed.
Of course, we will offer a reward for your efforts that depends on the severity of the vulnerability. A vulnerability that has a CVSS score of 4 or higher and was previously unidentified is guaranteed financial compensation.
All other original reports will be considered, and the reward may range from being featured on our security page to financial compensation.
In scope
- https://mintlify.com
- https://dashboard.mintlify.com
- https://leaves.mintlify.com
- Mintlify GitHub apps
Out-of-scope
- Automated scanning
- Social engineering, particularly involving Mintlify employees
- Brute force attacks
- DDoS attacks
- Clickjacking on pages with no sensitive actions
- Theoretical attacks without proof of exploitability
- Attacks requiring physical access to a victim’s device
- Denial of service attacks
We kindly ask you
- Test the vulnerability on your own account. If testing on another account, make sure you have requested explicit permission
- Do not copy or destroy production data
- Do not engage in activities that will cause downtime for our services
- Avoid violations of our privacy policies, terms of service, and other data privacy regulations
- Do not make the vulnerability public before reporting it to us via the procedures above and giving us enough time to properly address the issue
Happy hacking 💚