{"id":5416,"date":"2024-09-22T06:58:29","date_gmt":"2024-09-22T06:58:29","guid":{"rendered":"https:\/\/junokart.com\/in\/?page_id=5416"},"modified":"2024-09-22T07:02:39","modified_gmt":"2024-09-22T07:02:39","slug":"responsible-disclosure-policy","status":"publish","type":"page","link":"https:\/\/junokart.com\/in\/responsible-disclosure-policy\/","title":{"rendered":"Responsible Disclosure Policy"},"content":{"rendered":"\t\t<div data-elementor-type=\"wp-page\" data-elementor-id=\"5416\" class=\"elementor elementor-5416\">\n\t\t\t\t<div class=\"elementor-element elementor-element-77c8637 e-flex e-con-boxed e-con e-parent\" data-id=\"77c8637\" data-element_type=\"container\">\n\t\t\t\t\t<div class=\"e-con-inner\">\n\t\t\t\t<div class=\"elementor-element elementor-element-c205752 elementor-widget elementor-widget-image\" data-id=\"c205752\" data-element_type=\"widget\" data-widget_type=\"image.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t<a href=\"https:\/\/junokart.com\/in\">\n\t\t\t\t\t\t\t<img decoding=\"async\" width=\"150\" height=\"150\" src=\"https:\/\/junokart.com\/in\/wp-content\/uploads\/2024\/09\/juno-512-x-512-px-150x150.webp\" class=\"attachment-thumbnail size-thumbnail wp-image-5370\" alt=\"\" srcset=\"https:\/\/junokart.com\/in\/wp-content\/uploads\/2024\/09\/juno-512-x-512-px-150x150.webp 150w, https:\/\/junokart.com\/in\/wp-content\/uploads\/2024\/09\/juno-512-x-512-px-300x300.webp 300w, https:\/\/junokart.com\/in\/wp-content\/uploads\/2024\/09\/juno-512-x-512-px-100x100.webp 100w, https:\/\/junokart.com\/in\/wp-content\/uploads\/2024\/09\/juno-512-x-512-px.webp 512w\" sizes=\"(max-width: 150px) 100vw, 150px\" \/>\t\t\t\t\t\t\t\t<\/a>\n\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t<div class=\"elementor-element elementor-element-9f68901 e-flex e-con-boxed e-con e-parent\" data-id=\"9f68901\" data-element_type=\"container\">\n\t\t\t\t\t<div 
class=\"e-con-inner\">\n\t\t\t\t<div class=\"elementor-element elementor-element-394b48b elementor-widget elementor-widget-heading\" data-id=\"394b48b\" data-element_type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">Responsible Disclosure Policy\n<\/h2>\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t<div class=\"elementor-element elementor-element-3eba486 e-flex e-con-boxed e-con e-parent\" data-id=\"3eba486\" data-element_type=\"container\">\n\t\t\t\t\t<div class=\"e-con-inner\">\n\t\t\t\t<div class=\"elementor-element elementor-element-2d94bb5 elementor-widget elementor-widget-text-editor\" data-id=\"2d94bb5\" data-element_type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<p><span style=\"font-weight: 400;\">At Juno, we take the security of our systems seriously, and it is our constant endeavour to make our website a safe place for our customers to browse. However, in the rare case when some security researcher or member of the general public identifies a vulnerability in our systems, and responsibly shares the details of it with us, we appreciate their contribution, work closely with them to address such vulnerabilities with urgency, and if they want, publicly acknowledge their contribution. 
Juno reserves the right to determine whether a report is valid on the basis of the impact of the vulnerability.<\/span><\/p><p><b>To be eligible for recognition, you must<\/b><\/p><ul><li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Be the first person to responsibly disclose the bug.<\/span><\/li><li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Report a bug that could compromise our users&#8217; private data, circumvent the system&#8217;s protections, or enable access to a system within our infrastructure.<\/span><\/li><\/ul><p><b>Types of Recognition<\/b><\/p><ul><li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Hall of Fame<\/span><\/li><\/ul><p><b>Rules of Engagement<\/b><\/p><ul><li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">You give us reasonable time to investigate and mitigate a vulnerability that you report.<\/span><\/li><li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Please refrain from accessing sensitive information (by using a test account and\/or system), performing actions that may negatively affect other Juno users (denial of service), or sending reports from automated tools.<\/span><\/li><li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">You do not exploit a security vulnerability that you discover for any reason. (This includes demonstrating additional risk, such as attempted compromise of sensitive company data or probing for additional issues.)<\/span><\/li><li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">You do not violate any laws or breach any agreements in order to discover vulnerabilities.<\/span><\/li><li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">You do not publicly disclose details of a security vulnerability that you&#8217;ve reported without Juno&#8217;s permission.<\/span><\/li><\/ul><p><b>Programme terms<\/b><\/p><p><span style=\"font-weight: 400;\">We recognise security researchers who help us to keep users safe by reporting vulnerabilities in our services. Recognition for such reports is entirely at Juno\u2019s discretion, based on risk, impact and other factors. For recognition in Juno\u2019s Hall of Fame, you first need to meet the following requirements:<\/span><\/p><ul><li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Adhere to our Responsible Disclosure Policy<\/span><\/li><li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Report a security bug: identify a vulnerability in our services or infrastructure which creates a security or privacy risk. 
(Note that Juno ultimately determines the risk of a vulnerability, and that many software bugs are not security vulnerabilities.)<\/span><\/li><li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Your report must describe a problem involving one of the products or services listed under &#8220;Scope&#8221;.<\/span><\/li><li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">We specifically exclude certain types of potential security vulnerabilities; these are listed under &#8220;Exclusions&#8221;.<\/span><\/li><li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">If you inadvertently cause a privacy violation or disruption (such as accessing account data, service configurations or other confidential information) while investigating a vulnerability, make sure that you disclose this in your report.<\/span><\/li><\/ul><p><span style=\"font-weight: 400;\">In turn, we will follow these guidelines when evaluating reports under our responsible disclosure programme:<\/span><\/p><ul><li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">We investigate and respond to all valid reports. Due to the volume of reports that we receive, however, we prioritise evaluations based on risk and other factors, and it may take some time before you receive a reply.<\/span><\/li><li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">We determine recognition in the Hall of Fame based on a variety of factors, including (but not limited to) impact, ease of exploitation and quality of the report. Note that extremely low-risk vulnerabilities may not qualify for the Hall of Fame at all.<\/span><\/li><li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">In the event of duplicate reports, we give recognition to the first person to submit a vulnerability. 
(Juno determines duplicates and may not share details on the other reports.)<\/span><\/li><\/ul><p><span style=\"font-weight: 400;\">Note that your use of Juno services, including for the purposes of this programme, is subject to Juno\u2019s Terms and Policies. We may retain any communications about security vulnerabilities that you report for as long as we deem necessary for programme purposes, and we may cancel or modify this programme at any time.<\/span><\/p><p><b>Scope<\/b><\/p><ul><li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Android Juno<\/span><\/li><li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">iOS Juno<\/span><\/li><li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Android Delivery Partner Juno<\/span><\/li><li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">iOS Business Juno<\/span><\/li><li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">https:\/\/junokart.com<\/span><\/li><li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">https:\/\/junokart.in<\/span><\/li><\/ul><p><b>How to Report a Vulnerability<\/b><\/p><p><span style=\"font-weight: 400;\">If you have identified a vulnerability on any of our web or mobile app properties, we request that you follow the steps outlined below:<\/span><\/p><ul><li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Please submit the vulnerability report form with the necessary details to recreate the vulnerability scenario. 
This may include screenshots, videos or simple text instructions.<\/span><\/li><li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">If possible, share with us your contact details (phone number), so that our security team can reach out to you if further inputs are needed to identify or close the problem.<\/span><\/li><li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">If the identified vulnerability can be used to potentially extract information of our customers or systems, or impair our system\u2019s ability to function normally, then please refrain from actually exploiting such a vulnerability. This is absolutely necessary for us to consider your disclosure a responsible one.<\/span><\/li><li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">While we appreciate the inputs of Whitehat hackers, we may take legal recourse if the identified vulnerabilities are exploited for unlawful gains or getting access to restricted customer or system information or impairing our systems.<\/span><\/li><\/ul><p><b>Report a Vulnerability<\/b><\/p><p><span style=\"font-weight: 400;\">Send an email to security@junokart.com<\/span><\/p><p><b>Qualifying Vulnerabilities<\/b><\/p><p><span style=\"font-weight: 400;\">Any design or implementation issue that is reproducible and substantially affects the security of Juno users is likely to be in scope for the program. 
Common examples include:<\/span><\/p><ul><li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Injections<\/span><\/li><li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Cross Site Scripting (XSS)<\/span><\/li><li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Cross Site Request Forgery (CSRF)<\/span><\/li><li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Remote Code Execution (RCE)<\/span><\/li><li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Authentication\/Authorisation flaws<\/span><\/li><li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Domain take-over vulnerabilities<\/span><\/li><li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Ability to take over other Juno user accounts (while testing, use a second test account of your own to validate)<\/span><\/li><li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Any vulnerability that can affect the Juno Brand, user data and financial transactions<\/span><\/li><\/ul><p><b>Exclusions<\/b><\/p><p><span style=\"font-weight: 400;\">The following bugs are unlikely to be eligible:<\/span><\/p><ul><li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Vulnerabilities found through automated testing<\/span><\/li><li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">&#8220;Scanner output&#8221; or scanner-generated reports<\/span><\/li><li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Publicly released CVEs or 0-days in internet software within 90 days of their disclosure<\/span><\/li><li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">&#8220;Advisory&#8221; or &#8220;Informational&#8221; reports that do not include any Juno testing or context<\/span><\/li><li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Vulnerabilities requiring MITM or physical access to the victim\u2019s unlocked device.<\/span><\/li><li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Denial of Service attacks<\/span><\/li><li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">SPF and DKIM issues<\/span><\/li><li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Content injection<\/span><\/li><li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Hyperlink injection in emails<\/span><\/li><li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">IDN homograph attacks<\/span><\/li><li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">RTL Ambiguity<\/span><\/li><li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Content Spoofing<\/span><\/li><li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Vulnerabilities relating to Password Policy<\/span><\/li><li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Full-Path Disclosure on any property<\/span><\/li><li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Version number information disclosure<\/span><\/li><li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Third-party applications on the Juno Application directory (identified by the existence of a &#8220;Report this app&#8221; link on the app&#8217;s page). 
Please report vulnerabilities with these services to the creator of that specific application.<\/span><\/li><li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Clickjacking on pre-authenticated pages, or the non-existence of X-Frame-Options, or other non-exploitable clickjacking vulnerabilities<\/span><\/li><li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">CSRF-able actions that do not require authentication (or a session) to exploit<\/span><\/li><li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Reports related to the following security-related headers:<\/span><ul><li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Strict Transport Security (HSTS)<\/span><\/li><li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">XSS mitigation headers (X-Content-Type and X-XSS-Protection)<\/span><\/li><li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">X-Content-Type-Options<\/span><\/li><li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Content Security Policy (CSP) settings (excluding nosniff in an exploitable scenario)<\/span><\/li><\/ul><\/li><li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Bugs that do not represent any security risk<\/span><\/li><li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Security bugs in third-party applications or services built on the Juno API &#8211; please report them to the third party that built the application or service<\/span><\/li><li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Security bugs in software related to an acquisition for a period 
of 90 days following any public announcement<\/span><\/li><li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">HTTP TRACE or OPTIONS methods enabled<\/span><\/li><li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Non-sensitive (i.e., non-session) cookies missing the Secure or HttpOnly flags<\/span><\/li><li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Tapjacking<\/span><\/li><li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Mobile client issues that require a rooted device and\/or an outdated OS version, or SSL pinning issues.<\/span><\/li><li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Subdomain takeovers without supporting evidence<\/span><\/li><li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Missing best practices in SSL\/TLS configuration.<\/span><\/li><li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Vulnerabilities that cannot be used to exploit other users or Juno &#8212; e.g., self-XSS or having a user paste JavaScript into the browser console<\/span><\/li><li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Open ports without an accompanying proof-of-concept demonstrating vulnerability<\/span><\/li><li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Vulnerabilities in the whitehat report form<\/span><\/li><li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Submitting complaints about services<\/span><\/li><li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Fraud reports and\/or reports of suspected fraud arising from fake mail or phishing e-mails<\/span><\/li><li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Reporting viruses.<\/span><\/li><li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Submitting complaints or questions about the availability of the website.<\/span><\/li><\/ul><p><b>Acknowledgements<\/b><\/p><p><span style=\"font-weight: 400;\">We do not have a bounty\/cash reward program for such disclosures, but we express our gratitude for your contribution in different ways. For genuine ethical disclosures, we would be glad to publicly acknowledge your contribution in this section on our website. Of course, this will be done if you want a public acknowledgement.<\/span><\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t","protected":false},"excerpt":{"rendered":"<p>Responsible Disclosure Policy At Juno, we take the security of our systems seriously, and it is our constant endeavour to&#8230;<\/p>\n","protected":false},"author":1,"featured_media":0,"parent":0,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"elementor_canvas","meta":{"_acf_changed":false,"footnotes":""},"class_list":["post-5416","page","type-page","status-publish","hentry"],"acf":[],"post-meta":{"_edit_lock":["1726988695:1"],"_edit_last":["1"],"pn_send_notification_on_post":["0"],"site-container":["default"],"site-header-transparent":["default"],"site-page-header":["default"],"site-sidebar":["default"],"_elementor_edit_mode":["builder"],"_elementor_template_type":["wp-page"],"_elementor_version":["3.24.2"],"_wp_page_template":["elementor_canvas"],"_elementor_data":["[{\"id\":\"77c8637\",\"elType\":\"container\",\"settings\":{\"flex_direction\":\"column\"},\"elements\":[{\"id\":\"c205752\",\"elType\":\"widget\",\"settings\":{\"content_width\":\"full\",\"image\":{\"url\":\"https:\\\/\\\/junokart.com\\\/in\\\/wp-content\\\/uploads\\\/2024\\\/09\\\/juno-512-x-512-px.webp\",\"id\":5370,\"size\":\"\",\"alt\":\"\",\"source\":\"library\"},\"image_size\":\"thumbnail\",\"link_to\":\"custom\",\"link\":{\"url\":\"https:\\\/\\\/junokart.com\\\/in\",\"is_external\":\"
security risk<\\\/span><\\\/li><li style=\\\"font-weight: 400;\\\" aria-level=\\\"1\\\"><span style=\\\"font-weight: 400;\\\">Security bugs in third-party applications or services built on the Juno API - please report them to the third party that built the application or service<\\\/span><\\\/li><li style=\\\"font-weight: 400;\\\" aria-level=\\\"1\\\"><span style=\\\"font-weight: 400;\\\">Security bugs in software related to an acquisition for a period of 90 days following any public announcement<\\\/span><\\\/li><li style=\\\"font-weight: 400;\\\" aria-level=\\\"1\\\"><span style=\\\"font-weight: 400;\\\">HTTP TRACE or OPTIONS methods enabled<\\\/span><\\\/li><li style=\\\"font-weight: 400;\\\" aria-level=\\\"1\\\"><span style=\\\"font-weight: 400;\\\">Non-sensitive (i.e., non-session) cookies missing the Secure or HttpOnly flags<\\\/span><\\\/li><li style=\\\"font-weight: 400;\\\" aria-level=\\\"1\\\"><span style=\\\"font-weight: 400;\\\">Tap jacking<\\\/span><\\\/li><li style=\\\"font-weight: 400;\\\" aria-level=\\\"1\\\"><span style=\\\"font-weight: 400;\\\">Mobile client issues require a rooted device and\\\/or outdated OS version or SSL pinning issues.<\\\/span><\\\/li><li style=\\\"font-weight: 400;\\\" aria-level=\\\"1\\\"><span style=\\\"font-weight: 400;\\\">Subdomain takeovers without supporting evidence<\\\/span><\\\/li><li style=\\\"font-weight: 400;\\\" aria-level=\\\"1\\\"><span style=\\\"font-weight: 400;\\\">Missing best practices in SSL\\\/TLS configuration.<\\\/span><\\\/li><li style=\\\"font-weight: 400;\\\" aria-level=\\\"1\\\"><span style=\\\"font-weight: 400;\\\">The Vulnerabilities that cannot be used to exploit other users or Juno -- e.g., self-XSS or having a user paste JavaScript into the browser console<\\\/span><\\\/li><li style=\\\"font-weight: 400;\\\" aria-level=\\\"1\\\"><span style=\\\"font-weight: 400;\\\">Open ports without an accompanying proof-of-concept demonstrating vulnerability<\\\/span><\\\/li><li style=\\\"font-weight: 
400;\\\" aria-level=\\\"1\\\"><span style=\\\"font-weight: 400;\\\">Vulnerabilities in the whitehat report form<\\\/span><\\\/li><li style=\\\"font-weight: 400;\\\" aria-level=\\\"1\\\"><span style=\\\"font-weight: 400;\\\">Submitting complaints about services<\\\/span><\\\/li><li style=\\\"font-weight: 400;\\\" aria-level=\\\"1\\\"><span style=\\\"font-weight: 400;\\\">Making fraud reports and\\\/or suspicions of fraud reports from false mail or phishing e-mails<\\\/span><\\\/li><li style=\\\"font-weight: 400;\\\" aria-level=\\\"1\\\"><span style=\\\"font-weight: 400;\\\">Reporting viruses.<\\\/span><\\\/li><li style=\\\"font-weight: 400;\\\" aria-level=\\\"1\\\"><span style=\\\"font-weight: 400;\\\">Submitting complaints or questions about the availability of the website.<\\\/span><\\\/li><\\\/ul><p><b>Acknowledgements<\\\/b><\\\/p><p><span style=\\\"font-weight: 400;\\\">We do not have a bounty\\\/cash reward program for such disclosures, but we express our gratitude for your contribution in different ways. For genuine ethical disclosures, we would be glad to publicly acknowledge your contribution in this section on our website. 
Of course, this will be done if you want a public acknowledgement.<\\\/span><\\\/p>\",\"text_color\":\"#FFFFFF\",\"typography_typography\":\"custom\",\"typography_font_size\":{\"unit\":\"px\",\"size\":17,\"sizes\":[]}},\"elements\":[],\"widgetType\":\"text-editor\"}],\"isInner\":false}]"],"_elementor_page_settings":["a:3:{s:21:\"background_background\";s:8:\"gradient\";s:16:\"background_color\";s:7:\"#191F61\";s:18:\"background_color_b\";s:7:\"#081279\";}"],"_elementor_css":["a:6:{s:4:\"time\";i:1773552505;s:5:\"fonts\";a:0:{}s:5:\"icons\";a:0:{}s:20:\"dynamic_elements_ids\";a:0:{}s:6:\"status\";s:4:\"file\";i:0;s:0:\"\";}"],"_elementor_page_assets":["a:1:{s:6:\"styles\";a:3:{i:0;s:12:\"widget-image\";i:1;s:14:\"widget-heading\";i:2;s:18:\"widget-text-editor\";}}"]},"_links":{"self":[{"href":"https:\/\/junokart.com\/in\/wp-json\/wp\/v2\/pages\/5416"}],"collection":[{"href":"https:\/\/junokart.com\/in\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/junokart.com\/in\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/junokart.com\/in\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/junokart.com\/in\/wp-json\/wp\/v2\/comments?post=5416"}],"version-history":[{"count":0,"href":"https:\/\/junokart.com\/in\/wp-json\/wp\/v2\/pages\/5416\/revisions"}],"wp:attachment":[{"href":"https:\/\/junokart.com\/in\/wp-json\/wp\/v2\/media?parent=5416"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}