Reporting a Vulnerability
This page outlines the guidelines for submitting a security vulnerability report to Quickbase. The purpose of these guidelines is to ensure that all reports can be thoroughly and expeditiously reviewed and analyzed, with the chief objective being a secure and reliable Quickbase experience. To aid in these efforts, we ask that the following be included with all submissions. Please review this page and email your findings to [email protected]. Thank you!
Please make sure that each report covers only one vulnerability, unless it is essential to connect several vulnerabilities to showcase their collective impact.
1. Vulnerability Description
Provide a thorough description of the vulnerability including the affected area or component, exploit conditions, and potential consequences of a successful attack.
2. Detailed Reproduction Steps
Ensure that your submission contains comprehensive and reproducible steps. Please make certain that all necessary steps are included, as Quickbase requires comprehensive evidence to properly assess potential vulnerabilities. These reproduction steps must demonstrate that the vulnerability is not a false positive and is exploitable; evidence of the exploitation steps must also be included. Submissions that lack these necessary steps, or that are produced from automated vulnerability scan exports, will not be accepted.
3. Screenshots / Evidence
The submission must include a set of high-quality screenshots that accurately depict the reproduction steps. These screenshots should be in full screen, include all details, and must be high resolution to ensure clarity. This helps ensure the accuracy of the review by Quickbase Security Engineers.
The following details will help Quickbase’s Security Engineers assess and remediate vulnerabilities in a timely manner. While not required, including them will support an efficient intake, assessment and remediation process.
The Common Vulnerability Scoring System (CVSS) is a widely used system for rating security vulnerabilities in software/systems, providing a standardized approach to assess potential impact and prioritize response to threats.
Accurate CVSS scores facilitate prioritization, analysis and remediation, as applicable, for vulnerabilities reported to Quickbase. Use the NIST CVSS Calculator linked here.
Provide a detailed outline of the proposed measures to address and remediate each submitted vulnerability.
A special thank you to the following people who have responsibly disclosed vulnerabilities to Quickbase:
- Md. Nur A Alam Dipu
- David Maskasky — https://www.linkedin.com/in/davidmaskasky
- Amal Jacob — https://www.facebook.com/amaljacob753
- Prashant BS — https://www.linkedin.com/in/bsprashant/
- Eugen O — https://twitter.com/eugenolteanu
- Sourav Dey — https://www.linkedin.com/in/sourav-dey-a2067a15a