Reporting Security Issues

We want to keep Jumia safe for everyone. If you’ve discovered a security vulnerability in our systems or in one of our applications, we appreciate your help in disclosing it to us in a responsible manner.

Publicly disclosing a vulnerability can put everyone at risk. If you’ve discovered a security issue, we appreciate responsible disclosure of the details to our team. Please inform us following the procedure described below. We’ll work with you to make sure that we understand the scope of the issue, and that we fully address your concerns. We consider vulnerability disclosures our highest priority and we will try to address any issue as quickly as possible

Scope

We are primarily responsible for the following scopes:

  • *.jumia.*
  • Jumia apps on the iOS and Android app stores

Social engineering, phishing, DDoS, spam or physical attacks are not allowed. When in doubt, act responsibly and get in touch with us for any questions.

Disclosure

If you believe you’ve found a security vulnerability in one of our platforms please send it to us by emailing [email protected].
We encourage the usage of GPG-encrypted mails, as detailed below. Please include the following details with your report:

  • Description of the location and potential impact of the vulnerability
  • A detailed description of the steps required to reproduce the security issue (PoC scripts, screenshots, session recordings)
  • Your name/handle for recognition in our Hall of Fame.

Secure Communications

If you want to disclose a particularly sensitive security issue, we recommend you to encrypt any communications to us.
Our GPG key is listed here below and available on public keyservers.

-----BEGIN PGP PUBLIC KEY BLOCK-----
Comment: GPGTools - https://gpgtools.org

mQINBFqP7egBEADAdP8nQm8QbJcR9/Gd/nWnVTsODpS/uFqCcKKWqOISVopTF19j
CvAAFTPi+RTDd9OaMht/SrQfiHPAI/LL0NkQdgiVthdGekNv7cRx7qHt/0KAgVjM
ittmSPefJ4IMXfgTmWMtEmSrcBGnMaePM4jrbf+rQehF/yN0LpyZD5Y73zkbKu5N
8be4V0+qKvCYdL1l3k13NcX+9+v6/If+EbZ+XommXxk5WmReG9ECrR0u+R1FTAox
hN+8y71LvFFVqqdb5oAgmEQlGlPvqa92SxdFY1Hh5ZbT720Nmp0ipPrwMVFgsBiK
FEBJSQ3HK4HT3tUaH1wj9KP5EgDPBsJcJCBVgX7v05tioLwiKqf0loKp5mfUpk6N
3SGJeiaerJATb6Z+RggIYIvc0THSchOZzoms+9W7UHGyiXNkljc7EiRCImHIvB6i
rt6Am14bo8PTRT3UL4WvOOWTXx6382d/YH7VolwJMmwnYj1xayKDNmOhocPzktPE
t2Ki1udGFddIGr5ooj+DQaMO1Yes7kf0Llb6eCzKN7v1L33tRQJmKxVhxXLjwCPj
OSG75Mh51fiuSt3kaHsx6uD7agV+TRB6Pqd/7l3zoIOcF2DBZI3OXU+Jy7rYqWYg
GUgGBWVgIInSIVJYkd8AMH/DfsC/TYeCtAeiga/JSnVuOWbFy4w/jvxlqQARAQAB
tChKdW1pYSBTZWN1cml0eSBUZWFtIDxzZWN1cml0eUBqdW1pYS5jb20+iQJUBBMB
CgA+FiEE48gcZViNxhXV/e8x4dsLn0pPUrAFAlqP7egCGwMFCQeGH4AFCwkIBwMF
FQoJCAsFFgIDAQACHgECF4AACgkQ4dsLn0pPUrCh6g/+JmcRtNbJpZp6F1mV0XJu
ETfArvqMGhMaegGPefsR3WRwHTVoFyBUREopG39W8P8LJwhlTQEqTDup7KwOBkWF
3GNJYvH392E0BbvR6eUdTR6l5NSHNflEVRqdelp0RwhI6xzYE7PDZERDQAX5bvkF
mMSAeaINu/h3cg9bdxIbsR0zqwvbXH3ulfjh+dQ984MIa/u0CcDuw49bWELmT5Dr
w2+uUIpX8/DbfvFgeIrqRB/trVVkAkV04Z0lH1nITFO5kYThIGy+WPeQRabH5LIq
VB/hmaBvwinNSmP/mcrrOrCjrnGIM2Fi5Gm9abq+ajVJITmaab51oXzeJJ9OlM6A
9B2LlCBkGTsdUReD+HLazCyrxDohZXbkPLXaQKswyldjGENSvFZtsJ+IZOBfJ2jV
yz4A0JrtbFVzvEnzz5OloTu6MfQgXmIuophVB8kVcV9PzQfoXXM5kmo+4gsIANG4
ZHqqH0WAqxv524rXRE1mdPN4xkhIRihFWBngP5N8akJYuJ4w3Hfp8C1oP7W3h6WN
vSqWm2gzaWUhOhNghV2jG+w38RawVug+sN4NnJ/rdwepB1MeB069DjP2su9up4jV
/923Q4H8WQdLvq8rBnIijgfkd7aToFOUNaEum2Pig6qRVrST5upH+XlWYx9pnkcG
nD56lbJeWt4nngS3fiyrvi25Ag0EWo/t6AEQALd360O9Ix9PDmPQRtOxJ52XP5HE
lSqOVYGqg348H0m3L9pKciFJRyP851O4O1cpLUJ++MyOVzkP0V44N5A/xy42ckFk
v7r3JwwNT2aS+XJStYocPyC0+/2Ui27tVkV4yolJOugR10+hMmvWz98RUjhHGTVw
t5wAsPDJwlkBe64dzgPcISV+8EzS3E37lWBPeXabMclirGatV1LHd9EBKIHq3A1u
IebICArxSfiU57ZxszxX2Akj31ffaFcg8O5xIOl7uH2aiEma7XOszmS+QPdxRSh4
971jQVEUE7N5PUo2i3x1sNlZiczamdvbwnFzqLq7zBX+N+0lQAgvniC7s7eI6YO2
jbH1vgVPlxHrXrAaIeInS2zUE2ZPrqxIFW72hG9CC0vADfvN3X/5USF9k8bsKw91
b3+nu6Xk+VGLidC7C+BKspO2wQg2SBPIwKOIrnq4M+vEZDKiAjsIjHbJEMj1BZpG
fyPeEntmIFIs16lQPBmsSDHjMHBSJxNCLNxyNEfIhiXs1PYKQfuTS+97Ma/5zYVL
ZERQcivGMqQqo3V2LC2F/RFV7Gcmeg7da/J/8mcv+fmW+VbhfOquZ3a/HnohTjh8
pci5aBHdKd6iOqC9f3w5uj/T3+O5WksQl7q65vIGWCbZhWEdsHqty8ZyMgcu+MTA
Jg38FPYpzhiRf6E/ABEBAAGJAjwEGAEKACYWIQTjyBxlWI3GFdX97zHh2wufSk9S
sAUCWo/t6AIbDAUJB4YfgAAKCRDh2wufSk9SsLRGD/93WbC4SEVszZQ0Uh+2habg
djGRQtp0SL/OncbsGOQJ9+DkkFSDHhhjKJrZgP2E2jzdApz++GwfM8boGF9/EWsz
hSSwsKV8/HqV2VlnHmZe3AxfFVwm/2U/RgrviozVS7UxDwfMGVrrPnudD+wX3xCu
wt3CpuL5dWOi89GgbUAtjVP8EYhFmCg1GUqIDK5kJLyzFqN7rQBYOFBcrWDRz/uB
DvOCWqZXUvoB9HZabiYby2VFBVa5QF2lm1YA88n8dDCbfbbaMYv6oLKBBWZt7QYI
8LDdYprfM/IpepnbNeZhGzTEoWlskH8rHSpR3lAJxHo4La2jWF6yPw7x2f7SqVHq
4LUOW5R/TUhfqObqPJAv1O/2V08ayUtz+A7fFGbsWF1ej4gG3reC6cKj0gmCsTaT
0TKqyGeYXezDzUdb5iyGNEm1a0V4+LM5rjmgp/gOVEXd/XC4UyuwSxX+EjcFw5Qo
WSfnUaqLTBTJFFajR7eD01lF1KcYFPZp24McOTcKN1aY3rXar9ytbjBbHUZJoOGu
47Pc/sG9RLYFc1Lql76LeolcdbXP4onlKE6B4w9X/hL1oNfsbVjqW92NYlegh7HL
EAtB3EG/esktnzRaMF/7Ck3HN4rS6C3Bn5yJS53YQS0Vx0r5T7Gf5ahem7uflIGP
E2lQVXy2SLPQnjg1gn1Ycw==
=pj/Q
-----END PGP PUBLIC KEY BLOCK-----

Contributors

We would like to thank the following people who helped improve our security:

July 2019

August 2019