Reporting a Security Concern

At Quickbase, we prioritize privacy and security as fundamental aspects of our platform and corporate operations. Maintaining the trust of our users is of utmost importance, and we strive to uphold the highest standards in both privacy and security. If you have identified a security vulnerability that you believe we should be made aware of, we would welcome the opportunity to collaborate with you. If you have identified a security concern other than a security vulnerability, please notify us at [email protected].

Quickbase requires that all vulnerabilities be reported to us through our Vulnerability Disclosure Program in Intigriti. There, researchers can view the rules of engagement, in-scope assets, and out-of-scope disclosures that apply when conducting research, and responsibly disclose their findings.

This page outlines the guidelines for submitting a security vulnerability report to Quickbase. The guidelines are intended to ensure that all reports can be thoroughly and expeditiously reviewed and analyzed, with the chief objective being to ensure a secure and reliable Quickbase experience. To aid in these efforts, we ask that the following be included with all submissions.

Submission Requirements

Kindly make sure that each vulnerability report covers only one vulnerability, unless it is essential to connect several vulnerabilities to showcase their collective impact.

1. Vulnerability Description

Provide a thorough description of the vulnerability including the affected area or component, exploit conditions, and potential consequences of a successful attack.

2. Detailed Reproduction Steps

Ensure that your submission contains comprehensive and reproducible steps. Please make certain that all necessary steps are included, as Quickbase requires comprehensive evidence to properly assess potential vulnerabilities. These reproduction steps must demonstrate that the vulnerability is not a false positive and is exploitable; evidence of the exploitation steps must also be included. Submissions lacking these necessary steps, or those produced from automated vulnerability scan exports, will not be accepted.

3. Screenshots / Evidence

The submission must include a set of high-quality screenshots that accurately depict the reproduction steps. These screenshots should be in full screen, include all details, and must be high resolution to ensure clarity. This helps ensure the accuracy of review by Quickbase Security Engineers.

4. CVSS Score / Severity

The Common Vulnerability Scoring System (CVSS) is a widely used system for rating security vulnerabilities in software/systems, providing a standardized approach to assess potential impact and prioritize response to threats. Accurate CVSS scores facilitate prioritization, analysis and remediation, as applicable, for vulnerabilities reported to Quickbase. 

Additional Information

The following will aid Quickbase’s Security Engineers in assessing and remediating vulnerabilities in a timely manner. While not required, including these details will support an efficient intake, assessment and remediation process.

Remediation Steps

Provide a detailed outline of the proposed measures to address and remediate each vulnerability submission.

Thank you!

A special thank you to the following people that have responsibly disclosed vulnerabilities to Quickbase: