bug-bounty-sncf-connect-1
4
In Scope
15
Out of Scope
In-Scope Assets (4)
| Asset | Category | Bounty | Quick Links | |
|---|---|---|---|---|
| https//monidentifiant.sncf | URL | Yes | - | |
| https://sncf-connect.com | URL | Yes | ||
| https://www.sncf-connect.com | URL | Yes | ||
| https://www.sncf-connect.com/bff | URL | Yes |
Out-of-Scope Assets (15)
| Asset | Category | Bounty | |
|---|---|---|---|
| - hiflow.sncf-connect.com | OTHER | Yes | |
| - office-web-sncf-a.sips-services.com | OTHER | Yes | |
| - ouigo.com | OTHER | Yes | |
| - sncf-voyageurs.com | OTHER | Yes | |
| - ter.sncf.com | OTHER | Yes | |
| - tgvinoui.sncf | OTHER | Yes | |
| - www.garesetconnexions.sncf | OTHER | Yes | |
| - www.groupe-sncf.com | OTHER | Yes | |
| - www.malocationavis.sncf-connect.com | OTHER | Yes | |
| - www.maxjeune-tgvinoui.sncf | OTHER | Yes | |
| - www.sncf-connect-tech.fr | OTHER | Yes | |
| - www.sncf-voyageurs.com | OTHER | Yes | |
| - www.sncf.com | OTHER | Yes | |
| The SNCF Connect mobile applications (Android and Apple) are out of scope even if the web services they use are in scope (accessible through paths beginning by 'https://www.sncf-connect.com/bff'). | OTHER | Yes | |
| The scope of the Bug Bounty program is defined in the preceding section. To remove any potential ambiguity regarding this scope, the following non‑exhaustive examples illustrate domains that are not included in the program: | OTHER | Yes |
Scope Changes (19)
Apr 16, 2026
| Change | Asset | Category | Scope | Time |
|---|---|---|---|---|
| Added | https://www.sncf-connect.com | URL | In Scope | 18:33 |
| Added | https://sncf-connect.com | URL | In Scope | 18:33 |
| Added | https//monidentifiant.sncf | URL | In Scope | 18:33 |
| Added | https://www.sncf-connect.com/bff | URL | In Scope | 18:33 |
| Added | the scope of the bug bounty program is defined in the preceding section. to remove any potential ambiguity regarding this scope, the following non‑exhaustive examples illustrate domains that are not included in the program: | OTHER | Out of Scope | 18:33 |
| Added | - www.sncf-connect-tech.fr | OTHER | Out of Scope | 18:33 |
| Added | - office-web-sncf-a.sips-services.com | OTHER | Out of Scope | 18:33 |
| Added | - www.sncf.com | OTHER | Out of Scope | 18:33 |
| Added | - www.groupe-sncf.com | OTHER | Out of Scope | 18:33 |
| Added | - www.garesetconnexions.sncf | OTHER | Out of Scope | 18:33 |
| Added | - sncf-voyageurs.com | OTHER | Out of Scope | 18:33 |
| Added | - www.sncf-voyageurs.com | OTHER | Out of Scope | 18:33 |
| Added | - tgvinoui.sncf | OTHER | Out of Scope | 18:33 |
| Added | - ter.sncf.com | OTHER | Out of Scope | 18:33 |
| Added | - ouigo.com | OTHER | Out of Scope | 18:33 |
| Added | - www.maxjeune-tgvinoui.sncf | OTHER | Out of Scope | 18:33 |
| Added | - www.malocationavis.sncf-connect.com | OTHER | Out of Scope | 18:33 |
| Added | - hiflow.sncf-connect.com | OTHER | Out of Scope | 18:33 |
| Added | the sncf connect mobile applications (android and apple) are out of scope even if the web services they use are in scope (accessible through paths beginning by 'https://www.sncf-connect.com/bff') | OTHER | Out of Scope | 18:33 |