GitLab CVSS Calculator

This calculator is used to calculate bounties for vulnerabilities reported to GitLab's Bug Bounty Program on HackerOne or via our Responsible Disclosure Policy. Answering the questions produces a severity score using the Common Vulnerability Scoring System (CVSS), which is then used to calculate a suggested bug bounty based on the impact.

The suggested bounty amounts for issues that aren't exploitable, but that we would like to reward regardless, are defined below:

  • Self-XSS: $100

For GitLab team member token disclosure and leakage of GitLab customer data in issues, the suggested bounty amounts are defined below:

  • Leaked customer names: $500
  • Leaked customer names, emails, financial data: $1,000
  • Leaked non-maintainer access token: $7,500
  • Leaked maintainer access token: $15,000
  • Leaked admin access token: $35,000