Report Security Issues
If you’ve identified a security vulnerability on theleathership.com, we encourage you to promptly notify us. We will thoroughly review all legitimate vulnerability reports and make every effort to promptly address the issue. Before submitting a report, please carefully review this document, which includes essential information, details about our bounty program, reward guidelines, and what should not be reported.
Fundamentals
If you adhere to the principles outlined below when reporting a security issue to theleathership.com, we commit not to initiate a lawsuit or enforcement investigation against you in response to your report.
We ask that:
- You provide us with reasonable time to review and address the vulnerability you report before publicly disclosing any information about the report or sharing such information with others.
- You refrain from interacting with a private account (including modifying or accessing data from the account) unless the account owner has given explicit consent for such actions.
- You make a good faith effort to avoid privacy violations and disruptions to others, including but not limited to the destruction of data and interruption or degradation of our services.
- You do not exploit a security issue you discover for any reason. This includes demonstrating additional risk, such as attempting to compromise sensitive company data or searching for additional issues.
- You do not violate any other applicable laws or regulations.
BOUNTY PROGRAM
We acknowledge and reward security researchers for contributing to the safety of our services by reporting vulnerabilities. Monetary bounties for such reports are entirely at the discretion of theleathership.com, taking into account risk, impact, and other relevant factors. To potentially qualify for a bounty, you must first meet the following requirements:
- Adhere to our fundamentals (as outlined above).
- Report a security bug: Identify a vulnerability in our services or infrastructure that poses a security or privacy risk. Please note that theleathership.com ultimately determines the severity of an issue, as not all bugs may be considered security issues.
- Submit your report through our security center. Do not contact employees directly.
- If, during the investigation of a vulnerability, you inadvertently cause a privacy violation or disruption (such as accessing account data, service configurations, or other confidential information), disclose this in your report.
We thoroughly investigate and respond to all valid reports. Due to the volume of reports we receive, prioritization is based on risk and other factors, and it may take some time before you receive a reply.
We reserve the right to publish reports.
REWARDS
Our rewards are determined based on the impact of a vulnerability. We will update the program over time based on feedback, so please provide us with any feedback you think can help us improve the program.
To be eligible for a bounty, please provide detailed reports with reproducible steps. If the report lacks sufficient detail to reproduce the issue, it may not qualify for a bounty.
In the case of duplicate reports, we will award the bounty to the first report that we can completely reproduce.
If multiple vulnerabilities stem from one underlying issue, they will be awarded a single bounty.
Bounty rewards are determined by various factors, including impact, ease of exploitation, and the quality of the report. The specific bounty reward amounts are listed below.
The following amounts represent the maximum we will pay per severity level. We strive to be fair, and all reward amounts are at our discretion.
Critical Severity Vulnerabilities ($200): These are vulnerabilities that lead to privilege escalation on the platform (e.g., from unprivileged to admin), allow remote code execution, or enable financial theft, among other serious issues.
Examples:
- Remote Code Execution
- Remote Shell/Command Execution
- Vertical authentication bypass
- SQL Injection that leaks targeted data
- Get full access to accounts
High Severity Vulnerabilities ($100): These are vulnerabilities that impact the security of the platform and the processes it supports.
Examples:
- Lateral authentication bypass
- Disclosure of important corporate information
- Stored XSS affecting another user
- Local file inclusion
- Insecure handling of authentication cookies
Medium Severity Vulnerabilities ($50): These are vulnerabilities that impact multiple users and require little or no user interaction to trigger.
Examples:
- Common logic design flaws and business process defects
- Insecure Direct Object References
Low Severity Vulnerabilities: These are issues that impact individual users and require interaction or significant prerequisites (such as MITM) to trigger. No specific reward amount is stated for low severity vulnerabilities.
Examples:
- Open redirect
- Reflected XSS
- Low-sensitivity information leaks
Customer Support 24/7
Address: 85 Great Portland
Email: support@theleathership.com
Phone: +447532 723884