{
  "bounty_code": "acmedynamite",
  "bug_url": "http://acmetntproducts.com",
  "caption": "Use the redundant IB application then you can quantify the mobile panel!",
  "custom_fields": { "field1": "my value" },
  "description_markdown": "When I click the thing it opens a thing which lets me type in a thing. Just enables the other thing which I can enter my payload in and make it go BOOOOOM!",
  "extra_info_markdown": "### Here is some extra info about this submission",
  "file_attachments_count": 2,
  "http_request": "GET / HTTP/1.1\\nHost: bugcrowd.com\\nProxy-Connection: keep-alive\\nAccept: text/htmlapplication/xhtml+xmlapplication/xml;q=0.9image/webp*/*;q=0.8\\nUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10...",
  "priority": "2",
  "remediation_advice_markdown": "1. If possible consider disabling external access.\n2. Never use default credentials as it is trivial for an attacker to gain access by providing known or easy to guess credentials.\n3. Always change any kind of default credentials as the first step of setting up any kind of environment.\n4. Passwords should meet or exceed proper password strength requirements.",
  "reference_number": "9cec0d6e6b1c778f34ba4eade6cd2a3e",
  "submitted_at": "2016-08-20T18:07:32.181Z",
  "source": "platform",
  "substate": "unresolved",
  "real_substate": "unresolved",
  "title": "Use the redundant IB application then you can quantify the mobile panel!",
  "vrt_id": "server_security_misconfiguration.using_default_credentials.staging_development_server",
  "vrt_version": "1.0",
  "vulnerability_references_markdown": "* https://www.owasp.org/index.php/Testing_for_default_credentials_(OTG-AUTHN-002) \n * https://www.owasp.org/index.php/Configuration#Default_passwords \n * https://www.owasp.org/index.php/Authentication_Cheat_Sheet",
  "uuid": "4cdf9c81-d92e-4918-8766-1eda55e7293c",
  "bounty": {
    "uuid": "d76c9eeb-25bb-4a08-9cd2-51677fd35bcd",
    "bounty_type": "ongoing",
    "code": "acmedynamite",
    "custom_field_labels": [
      {
        "field_id": "09cfece3-f986-4c94-8cfc-03578d14e7ae",
        "field_name": "field1"
      }
    ],
    "description_markdown": "A bounty testing the safety and security of dynamite-related devices produced by The Acme Corporation",
    "ends_at": null,
    "high_reward": 20000,
    "low_reward": 100,
    "name": "Acme Dynamite",
    "participation": "open",
    "points_only": true,
    "starts_at": "2016-12-01T00:00:00.000Z",
    "targets_overview_markdown": "",
    "tagline": "Have a blast hacking on Acme products!",
    "total_prize_pool": 100000,
    "remaining_prize_pool": 50000,
    "trial": false,
    "status": "live",
    "service_level": "validation"
  },
  "duplicate_of": null,
  "duplicate": false,
  "assignee": {
    "display_name": "Bertram Gilfoyle"
  },
  "user": {
    "username": "researcher123"
  },
  "monetary_rewards": [
    {
      "amount": "100.00"
    }
  ],
  "target": {
    "name": "http://acmetntproducts.com",
    "business_priority": "high"
  }
}

| Attribute | Type or Potential Values | Notes |
| --- | --- | --- |
| bounty_code | String | Bounty's code |
| bug_url | String | |
| caption | String | |
| custom_fields | Array of Custom Fields | |
| cvss_string | CVSS Object | This is only shown if the Bounty has enabled CVSS. |
| description_markdown | Text | Bugcrowd supports GitHub flavored markdown. |
| extra_info_markdown | Text | Bugcrowd supports GitHub flavored markdown. |
| file_attachments_count | Integer | Number of attachments on the submission. |
| http_request | Text | |
| identity | Boolean | |
| priority | Integer (1-5) | Technical Severity |
| remediation_advice_markdown | Text | This field is only available to programs with Alpha access of Remediation Advice. Bugcrowd supports GitHub flavored markdown. |
| reference_number | String | Unique Identifier that is visible to researchers |
| submitted_at | DateTime | |
| source | api, csv, email, external_form, platform, qualys | How the submission was created |
| substate | nue, wont_fix, out_of_scope, not_applicable, not_reproducible, triaged, unresolved, resolved | |
| real_substate | String | |
| title | String | |
| vrt_id | String (VRT IDs joined by .) | Vulnerability Rating Taxonomy Classification ID |
| vrt_version | Integer | VRT Version |
| vulnerability_references_markdown | Text | This field is only available to programs with Alpha access of Remediation Advice. Bugcrowd supports GitHub flavored markdown. |
| uuid | UUID | |
| bounty | Bounty | |
| duplicate_of | Submission | |
| duplicate | Boolean | Whether the submission is a duplicate of another finding |
| assignee | Tracker User | |
| user | User | |
| monetary_rewards | Array of Monetary Rewards | |
| target | Target | |