Uploading .jar, .exe, etc. files
Posted Oct 16, 2024
When uploading files from the contact form, we would like the file extensions to be verified so that files such as .jar and .exe cannot be uploaded.
1
5
5 comments
Shawna James
Can I point you in the direction of our product feedback template? This template has been designed by community members and PMs to help users provide the most accurate details for their feature request so that we can better understand your use case and needs. If you could, we would appreciate you taking the time to update your post and utilize the template.
For others who may be interested in this feature request, please add your support by upvoting this post and/or adding your use case to the comments below. Thank you again!
0
Yukihiro Yamamoto
Hi, Shawna
Please refer to the following.
>1. Please give a quick overview of your product feature request or feedback and note who in your org is affected by this issue [ex. agents, admins, customers, etc.]. (2-3 sentences)
You can upload files when you originate a request to Zendesk from our support page, but when you use the link on our domain that is generated for the attachment after the upload, if you have an account to log in to the environment that Zendesk has assigned for our use and if you have logged in, you are in a position to download any file from Zendesk.
Since no extension verification is performed, the situation is such that executable file extensions can also be uploaded.
This is about what I reported in the following link.
https://support.zendesk.com/hc/en-us/community/posts/8206941511450
We assume that those affected by this are mainly our customers, but as stated above, anyone who has an account to log in to the environment that Zendesk assigned out for our company and has fulfilled the requirement to log in can download the files.
>2. What problem do you see this solving? (1-2 sentences)
If this problem is solved, it would solve the risk of letting people download arbitrary files (especially malware) using links from our domain.
>3. When was the last time you were affected by this lack of functionality, or specific tool? What happened? How often does this problem occur and how does this impact your business? (3-4 sentences)
We became aware of this event through a report from a bona fide third party, but no one is actually affected at this time.
We are reporting this incident because we want to prevent problems before they occur.
As for the business impact, if an attack were to occur using this incident, there could be contamination of the environment of those who have downloaded the software, as well as reputational risk to our company.
>4. Are you currently using a workaround to solve this problem? (If yes, please explain) (1-2 sentences)
No.
>5. What would be your ideal solution to this problem? How would it work or function? (1-2 sentences)
The ability to prohibit the uploading of executable files (e.g. .exe or .jar) that are deemed unnecessary when making a request to Zendesk from our support page, and the ability for the installing company to select the file extensions that can be uploaded.
Either that, or the functionality in the following link, which we have posted separately, should be provided.
https://support.zendesk.com/hc/en-us/community/posts/8206941511450
0
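An added example, not part of the original thread and not Zendesk's code or API: a server-side attachment check of the kind the request above describes, with an admin-chosen extension allowlist plus a header check so an executable renamed to an allowed extension is still refused. The function name, the allowlist contents and the sample uploads are assumptions made for illustration.

```python
import os

# Assumed policy: extensions the account admin chose to accept (constructed sample).
ALLOWED_EXTENSIONS = {".png", ".jpg", ".pdf", ".txt"}

# Leading bytes of executable or archive containers that must not pass under an
# allowed name: PE (.exe/.dll), ELF, and ZIP (the container format of .jar).
BLOCKED_MAGIC = {
    b"MZ": "Windows PE executable",
    b"\x7fELF": "ELF executable",
    b"PK\x03\x04": "ZIP container (includes .jar)",
}


def check_upload(filename: str, content: bytes) -> tuple[bool, str]:
    """Return (accepted, reason) for one uploaded attachment."""
    # Drop any client-supplied path and the trailing dots/spaces that Windows
    # strips on save, so "tool.exe." is judged as "tool.exe".
    name = os.path.basename(filename.replace("\\", "/")).rstrip(". ").lower()
    if not name or "\x00" in name:
        return False, "invalid file name"

    # Only the final extension decides: "invoice.pdf.exe" is an .exe.
    ext = os.path.splitext(name)[1]
    if ext not in ALLOWED_EXTENSIONS:
        return False, f"extension {ext or '(none)'} is not on the allowlist"

    # The name is supplied by the uploader, so also reject content whose header
    # identifies an executable or archive regardless of what it is called.
    for magic, label in BLOCKED_MAGIC.items():
        if content.startswith(magic):
            return False, f"content is a {label}"
    return True, "ok"


# Constructed sample uploads: (file name, first bytes of the body).
SAMPLES = [
    ("screenshot.PNG", b"\x89PNG\r\n\x1a\n"),
    ("setup.exe", b"MZ\x90\x00"),
    ("invoice.pdf.exe", b"MZ\x90\x00"),
    ("tool.jar", b"PK\x03\x04"),
    ("report.pdf", b"PK\x03\x04"),  # a .jar renamed to .pdf
    ("notes.txt. ", b"hello"),
]

if __name__ == "__main__":
    for fname, body in SAMPLES:
        print(fname, "->", check_upload(fname, body))
```

If ZIP-based document formats such as .docx are added to the allowlist, the ZIP header rule has to be replaced by inspection of the archive contents, since those files share the same leading bytes as a .jar.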
Shawna James
0
bianca bezerra
Hi, was this feature implemented?
0
Shawna James
0