Reporting a Vulnerability

At Quickbase, we prioritize privacy and security as fundamental aspects of our platform and corporate operations. Maintaining the trust of our users is of utmost importance, and we strive to uphold the highest standards in both privacy and security. If you have identified a security concern that you believe we should be made aware of, we would welcome the opportunity to collaborate with you.

This page outlines the guidelines for submitting a security vulnerability report to Quickbase. The purpose of these guidelines is to ensure that all reports can be thoroughly and expeditiously reviewed and analyzed, with the chief objective being to ensure a secure and reliable Quickbase experience. To aid in these efforts, we ask that the following be included with all submissions. Please review the following page and email your findings to [email protected]. Thank you!

Submission Requirements

Kindly make sure that each vulnerability report covers only one vulnerability, unless it's essential to connect various vulnerabilities to showcase their collective impact.

1. Vulnerability Description

Provide a thorough description of the vulnerability including the affected area or component, exploit conditions, and potential consequences of a successful attack.

2. Detailed Reproduction Steps

Ensure that your submission contains comprehensive and reproducible steps. Please make certain that all necessary steps are included, as Quickbase requires comprehensive evidence to properly assess potential vulnerabilities. These reproduction steps must demonstrate that the vulnerability is not a false positive and is exploitable; evidence of the exploitation steps must also be included. Submissions lacking these necessary steps, or those produced from automated vulnerability scan exports, will not be accepted.

3. Screenshots / Evidence

The submission must include a set of high-quality screenshots that accurately depict the reproduction steps. These screenshots should be in full screen, include all details, and must be high resolution to ensure clarity. This helps ensure the accuracy of review by Quickbase Security Engineers.

Additional Information

The following will aid Quickbase’s Security Engineers in assessing and remediating vulnerabilities in a timely manner. While not required, including these details will support an efficient intake, assessment and remediation process.

CVSS Score

The Common Vulnerability Scoring System (CVSS) is a widely used system for rating security vulnerabilities in software/systems, providing a standardized approach to assess potential impact and prioritize response to threats.

Accurate CVSS scores facilitate prioritization, analysis and remediation, as applicable, for vulnerabilities reported to Quickbase. Use the NIST CVSS Calculator linked here.

Remediation Steps

Provide a detailed outline of the proposed measures to address and remediate each vulnerability submission.

Thank you!

A special thank you to the following people that have responsibly disclosed vulnerabilities to Quickbase: