Recent searches


No recent searches

Yukihiro Yamamoto's Avatar

Yukihiro Yamamoto

Joined Oct 22, 2021

·

Last activity Oct 18, 2024

Following

0

Followers

0

Total activity

8

Vote

1

Subscriptions

3

ACTIVITY OVERVIEW

Latest activity by Yukihiro Yamamoto

Yukihiro Yamamoto commented,

Community comment Feedback - Help Center (Guide)

Hi, Shawna

Please refer to the following.

 

>1. Please give a quick overview of your product feature request or feedback and note who in your org is affected by this issue [ex. agents, admins, customers, etc.]. (2-3 sentences)

 

You can upload files when you originate a request to Zendesk from our support page, but when you use the link on our domain that is generated for the attachment after the upload, if you have an account to log in to the environment that Zendesk has assigned for our use and If you have logged in, you are in a position to download any file from Zendesk.
Since no extension verification is performed, the situation is such that executable file extensions can also be uploaded.

This is about what I reported in the following link.

https://support.zendesk.com/hc/en-us/community/posts/8206941511450

 

We assume that those affected by this are mainly our customers, but as stated above, anyone who has an account to log in to the environment that Zendesk assigned out for our company and has fulfilled the requirement to log in can download the files.

 

 

 

>2. What problem do you see this solving? (1-2 sentences) 

 

If this problem is solved, it would solve the risk of letting people download arbitrary files (especially malware) using links from our domain.

 

>3. When was the last time you were affected by this lack of functionality, or specific tool? What happened? How often does this problem occur and how does this impact your business? (3-4 sentences)

 

We became aware of this event through a report from a bona fide third party, but no one is actually affected at this time.
We are reporting this incident because we want to prevent problems before they occur.

 

As for the business impact, if an attack were to occur using this incident, there could be contamination of the environment of those who have downloaded the software, as well as reputational risk to our company.

 

>4. Are you currently using a workaround to solve this problem? (If yes, please explain) (1-2 sentences)

No,

 

 

>5. What would be your ideal solution to this problem? How would it work or function? (1-2 sentences)

 

The ability to prohibit the uploading of executable files (e.g. .exe or .jar) that are deemed unnecessary when making a request to Zendesk from our support page, and the ability for the installing company to select the file extensions that can be uploaded.
Either that, or the functionality in the following link, which we have posted separately, should be provided.

https://support.zendesk.com/hc/en-us/community/posts/8206941511450

View comment · Posted Oct 18, 2024 · Yukihiro Yamamoto

0

Followers

0

Votes

0

Comments


Yukihiro Yamamoto created a post,

Post Feedback - Help Center (Guide)

When uploading files from the contact form, We would like the file extensions to be verified so that files such as .jar and .exe cannot be uploaded.

Posted Oct 16, 2024 · Yukihiro Yamamoto

1

Follower

3

Votes

5

Comments


Yukihiro Yamamoto created a post,

Post Feedback - Help Center (Guide)

When a file is uploaded through the contact form, a link is generated that can be accessed by anyone. I would like to request either a way to prevent the link from being accessed or to stop the file link from being generated altogether.

 

I reached out to Zendesk support and received the following response, which I am passing along as part of this request:

"We believe that the scenario where an end user shares a file URL with other end users before ticket creation is an extremely rare use case that deviates from standard usage. However, if an end user does share a file URL with other end users before a ticket is generated, it is currently not possible to set access restrictions on that URL. "
 

Posted Oct 16, 2024 · Yukihiro Yamamoto

0

Followers

1

Vote

1

Comment


Yukihiro Yamamoto created a post,

Post Feedback - Ticketing system (Support)

We are getting personal information attachments from our customers. I would like to remove the attachment from the ticket with a closed status.It would be nice to be able to delete them all at once.

Posted Sep 13, 2021 · Yukihiro Yamamoto

2

Followers

13

Votes

20

Comments