Responsible vulnerability disclosure

Eleving Group is committed to ensuring information security and protecting our information resources against cyber threats. We encourage responsible disclosure of security vulnerabilities as set out in this policy and welcome reports from security researchers about security flaws in our services and resources.

Scope

This policy applies to the following domains:

Exclusion:

  • autodiscover.mogo.ge

We expect reports about vulnerabilities such as Cross-Site Scripting (XSS), SQL injections, encryption flaws, remote code execution, authentication flaws, etc.

The following test types are not authorized:

  • Network denial of service (DoS, DDoS) tests;
  • Brute force credential compromise;
  • Social engineering;
  • Physical access testing;
  • Any other non-technical vulnerability testing.

Legal Disclosure

We accept vulnerability reports for the scope listed above and we agree not to pursue legal action in good faith against individuals who:

  • Comply with this policy during security research;
  • Engage in testing products and services without harming our systems and data;
  • Refrain from disclosing any discovered vulnerability details to the public before a mutually agreed-upon timeframe expires.

We reserve the right to accept or reject any reports on any vulnerabilities and act upon them in accordance with our internal rules and procedures.

How can you report?

If you believe that you have discovered a vulnerability in our information resources, please contact us at security@eleving.com and include the following information:

  • A detailed description of the vulnerability;
  • Detailed information about the exploitation of the vulnerability;
  • If applicable, a link, screenshots, or any other information that helps us to identify the vulnerability you have found.

What do we expect from you?

Please note that during the vulnerability research, it is crucial that you follow these rules:

  • You do not use the detected vulnerability to access or attempt to access information that does not belong to you (only to prove the existence of the vulnerability);
  • You do not use the detected vulnerability to remove or modify the information;
  • You inform us about the vulnerability in a timely manner and let us fix the reported vulnerability before going public with it.

What to expect from us?

We do not offer financial compensation, but once the reported vulnerability is resolved, we may provide assistance and information for the researcher's publication and promote their contribution, if this has been mutually agreed.


28-09-2023 16:47:50