Unrestricted File Upload Vulnerability



  • Max McCal
    Zendesk Product Manager

    UPDATE: We're no longer looking for volunteers, but are still working on this solution, and expect to have something to show for it in early 2022.


    Hey, all --

    Dropping in to this thread to mention that we are actively working on a Malware Scanning tool in Zendesk, and we're looking for some customer eyes to come see what we're planning. If you're willing to give us 30 minutes of your time, you can sign up here for a time on my calendar. We'll show you some of our plans and ask for your opinions. 

    While we're not currently working on file type restrictions, that is something that we're looking into as a future release.

  • Caroline Kello
    Zendesk Product Manager


    Thanks for reaching out. Together with our Product Security team we're currently looking into what we can do for malware attachment scanning, regardless of attachment origin. Currently we only offer scanning for email attachments so you're correct that there's more we should do from a product security standpoint. 

    Thanks for raising this, 


  • Alfredo Roca

    The file type restrictions are not working in the contact form. This should be easy to fix.

  • George Manning

    Hi there. Any update on this security issue? This was flagged as a security issue during a recent audit. 

  • George Manning

    PS: I believe there is a typo in the original post.

    Original: I found that by domain/application...

    Likely intent: I found that my domain/application...

