Cybersecurity researchers at Varonis disclosed technical details of critical SQLi and access vulnerabilities impacting the Zendesk Explore service. Zendesk Explore allows organizations to view and analyze key information about their customers, and their support resources.
Threat actors would have allowed threat actors to access conversations, email addresses, tickets, comments, and other information from Zendesk accounts having the Explore service enabled. The experts are not aware of attacks in the wild.
“To exploit the vulnerability, an attacker would first register for the ticketing service of its victim’s Zendesk account as a new external user. Registration is enabled by default because many Zendesk customers rely on end-users submitting support tickets directly via the web.” reads the advisory published by Varonis. “Zendesk Explore is not enabled by default but is heavily advertised as a requirement for the analytic insights page.”
Varonis reported the flaws to Zendesk which started working on a fix the same day they were reported. The company addressed multiple vulnerabilities in less than one workweek.
In order to exploit these flaws, an attacker has to register for the ticketing service of the target’s Zendesk account as a new external user. The experts highlighted that this is a feature that’s likely enabled by default to allow end-users to submit support tickets.
The SQL injection vulnerability resides in the GraphQL API execute-query, an attacker can abuse it to exfiltrate all information (email addresses of users, leads, and deals from the CRM, live agent conversations, tickets, help center articles, and more) stored in the database as an admin user.
The second critical issue is a logic access flaw associated with a query execution API. The researchers pointed out that the execute-query API did not perform the following logical checks:
Varonis reported the issues to Zendesk on August 30 and the company addressed it on September 8, 2022.
Follow me on Twitter: @securityaffairs and Facebook and Mastodon
[adrotate banner=”9″] | [adrotate banner=”12″] |
(SecurityAffairs – hacking, Zendesk Explore)
[adrotate banner=”5″]
[adrotate banner=”13″]
Over 1,400 CrushFTP internet-facing servers are vulnerable to attacks exploiting recently disclosed CVE-2024-4040 vulnerability. Over…
A ransomware attack on a Swedish logistics company Skanlog severely impacted the country's liquor supply. …
CISA adds Cisco ASA and FTD and CrushFTP VFS vulnerabilities to its Known Exploited Vulnerabilities…
U.S. CISA added the Windows Print Spooler flaw CVE-2022-38028 to its Known Exploited Vulnerabilities catalog.…
The U.S. Department of Justice (DoJ) announced the arrest of two co-founders of a cryptocurrency mixer…
Google addressed a critical Chrome vulnerability, tracked as CVE-2024-4058, that resides in the ANGLE graphics…
This website uses cookies.