No technology is perfect, and Queue-it believes that working with skilled security researchers across the globe is crucial in identifying weaknesses in any technology. If you believe you've found a security issue, please notify us at firstname.lastname@example.org. If your vulnerability report affects a product or service of Queue-it, you will receive a bounty for bringing the issue to our attention.
In addition, if you are interested in participating our Private Bug bounty program as a security researcher, please contact us.
Queue-it retains sole discretion in determining which submissions are qualified for a reward. The following issues are considered out of scope for this program:
- General low severity issues reported by automated scanners
- Exploits involving specific tenant's/customer's customized waiting pages: The management portal allows JS/HTML customization of queue pages by design
- Attacks requiring MITM or physical access to a user's device
- Brute force attacks
- CSRF vulnerabilities on unauthenticated forms or forms with no security impact
- Social engineering or phishing attacks targeting users or staff
- Software version disclosure / Banner identification issues
- The description of the security vulnerability
- Affected hosts/endpoints
- Steps to reproduce the issue
- Proofs (requests/responses, screenshots, etc)