No technology is perfect, and Queue-it believes that working with skilled security researchers across the globe is crucial in identifying weaknesses in any technology. If you believe you've found a security issue, please notify us at security@queue-it.com. If your vulnerability report affects a product or service of Queue-it, you will receive a bounty for bringing the issue to our attention.
In addition, if you are interested in participating our Private Bug bounty program as a security researcher, please contact us.Â
Queue-it retains sole discretion in determining which submissions are qualified for a reward. The following issues are considered out of scope for this program:
Â
- General low severity issues reported by automated scannersÂ
- Exploits involving specific tenant's/customer's customized waiting pages: The management portal allows JS/HTML customization of queue pages by designÂ
- Attacks requiring MITM or physical access to a user's deviceÂ
- Brute force attacksÂ
- CSRF vulnerabilities on unauthenticated forms or forms with no security impactÂ
- Social engineering or phishing attacks targeting users or staffÂ
- Software version disclosure / Banner identification issuesÂ
email: security@queue-it.com
Please include
- The description of the security vulnerability
- Affected hosts/endpoints
- Steps to reproduce the issue
- Proofs (requests/responses, screenshots, etc)