Unrestricted File Upload Vulnerability

計画済み

10 コメント

  • 正式なコメント
    Max McCal
    Zendesk Product Manager

    UPDATE: We're no longer looking for volunteers, but are still working on this solution, and expect to have something to show for it in early 2022.

     

    Hey, all --

    Dropping in to this thread to mention that we are actively working on a Malware Scanning tool in Zendesk, and we're looking for some customer eyes to come see what we're planning. If you're willing to give us 30 minutes of your time, you can sign up here for a time on my calendar. We'll show you some of our plans and ask for your opinions. 

    While we're not currently working on file type restrictions, that is something that we're looking into as a future release.

  • Caroline Kello
    Zendesk Product Manager

    Hello,

    Thanks for reaching out. Together with our Product Security team we're currently looking into what we can do for malware attachment scanning, regardless of attachment origin. Currently we only offer scanning for email attachments so you're correct that there's more we should do from a product security standpoint. 

    Thanks for raising this, 

    Caroline

    0
  • Alfredo Roca

    The file type restrictions are not working in the contact form. This should be easy to fix.

    0
  • George Manning

    Hi there. Any update on this security issue? This was flagged as a security issue during a recent audit. 

    0
  • George Manning

    PS: I believe there is a typo in the original post.

    Original: I found that by domain/application...

    Likely intent: I found that my domain/application...

    0
  • Phil Baker

    Hi,

    Will this solution apply to uploads to Gather (community) posts?

    Thanks,

    Phil

    0
  • Ben Steele

    Max McCal - Hi, is there any update on this? Like many above and in separate posts, this has been flagged as a concern through a security audit.

    0
  • Chika Chima
    Zendesk Product Manager

    Hi! Ben Steele

    Thank you for your question and concerns!

    We are working to rollout the Malware Scanning feature towards the beginning of June 2022. There will be more information here on the help center soon.

    -1
  • Phil Baker

    Hi Chika Chima

    Will this rollout allow uploads to Gather (community) posts?

    Thanks,

    Phil

    0
  • Chika Chima
    Zendesk Product Manager

    Hi Phil,

    Unfortunately it is not on this first release. For future releases, we are looking into more integrations of products

    -1

サインインしてコメントを残してください。

Powered by Zendesk