Pesquisas recentes


Sem pesquisas recentes

Uploading .jar, .exe, etc. files



Publicado 16 de out. de 2024

When uploading files from the contact form, We would like the file extensions to be verified so that files such as .jar and .exe cannot be uploaded.


1

5

5 comentários

image avatar

Shawna James

Community Product Feedback Specialist

Hello Y.Yamamoto, thank you for taking the time to provide us with your feedback.
 
Can I point you in the direction of our product feedback template? This template has been designed by community members and PM's to help users provide the most accurate details for their feature request so that we can better understand your use case and needs. If you could, we would appreciate you taking the time to update your post and utilize the template.
 
For others who may be interested in this feature request, please add your support by upvoting this post and/or adding your use case to the comments below. Thank you again!

0


Hi, Shawna

Please refer to the following.

 

>1. Please give a quick overview of your product feature request or feedback and note who in your org is affected by this issue [ex. agents, admins, customers, etc.]. (2-3 sentences)

 

You can upload files when you originate a request to Zendesk from our support page, but when you use the link on our domain that is generated for the attachment after the upload, if you have an account to log in to the environment that Zendesk has assigned for our use and If you have logged in, you are in a position to download any file from Zendesk.
Since no extension verification is performed, the situation is such that executable file extensions can also be uploaded.

This is about what I reported in the following link.

https://support.zendesk.com/hc/en-us/community/posts/8206941511450

 

We assume that those affected by this are mainly our customers, but as stated above, anyone who has an account to log in to the environment that Zendesk assigned out for our company and has fulfilled the requirement to log in can download the files.

 

 

 

>2. What problem do you see this solving? (1-2 sentences) 

 

If this problem is solved, it would solve the risk of letting people download arbitrary files (especially malware) using links from our domain.

 

>3. When was the last time you were affected by this lack of functionality, or specific tool? What happened? How often does this problem occur and how does this impact your business? (3-4 sentences)

 

We became aware of this event through a report from a bona fide third party, but no one is actually affected at this time.
We are reporting this incident because we want to prevent problems before they occur.

 

As for the business impact, if an attack were to occur using this incident, there could be contamination of the environment of those who have downloaded the software, as well as reputational risk to our company.

 

>4. Are you currently using a workaround to solve this problem? (If yes, please explain) (1-2 sentences)

No,

 

 

>5. What would be your ideal solution to this problem? How would it work or function? (1-2 sentences)

 

The ability to prohibit the uploading of executable files (e.g. .exe or .jar) that are deemed unnecessary when making a request to Zendesk from our support page, and the ability for the installing company to select the file extensions that can be uploaded.
Either that, or the functionality in the following link, which we have posted separately, should be provided.

https://support.zendesk.com/hc/en-us/community/posts/8206941511450

0


image avatar

Shawna James

Community Product Feedback Specialist

Thank you! This is a helpful update and we appreciate the additional information. 

0


Hi, this feature was implement?

0


image avatar

Shawna James

Community Product Feedback Specialist

Hi Bianca, this feature has not been released per my understanding. Thank you!

0


Por favor, entrar para comentar.

Não encontrou o que estava procurando?

Nova publicação