We are unable to respond to bulk reports generated by automated scanners. If you identify issues using an automated scanner, it is recommended that you have a security practitioner review the issues and ensure that the findings are valid before submitting a vulnerability report to Atlassian.
If you believe you have found a security issue that meets Atlassian’s definition of a vulnerability, please submit the report to our security team via one of the methods below:
If you are a customer:
If you are a security researcher:
Only vulnerabilities submitted through our bug bounty program are eligible to receive a bounty payment.
Please include the following information in your report:
- Type of issue (cross-site scripting, SQL injection, remote code execution, etc.)
- Product and version with the bug or a URL if dealing with a cloud service
- The potential impact of the vulnerability (i.e. what data can be accessed or modified)
- Step-by-step instructions to reproduce the issue
- Any proof-of-concept or exploit code required to reproduce
If you wish to encrypt your submission with our PGP key, please download it here.