Zendesk

reports in last 90 days
40 disclosed resolved issues
2 disclosed informative issues
0 disclosed N/A issues

Listed on HackerOne — Updated on 2019/10/15

| Severity | Bug Title | Bug Type | Found By | Time to Triage | Time to Close | Report Status |
|---|---|---|---|---|---|---|
| Medium | Stored XSS in Macro Editing - Introduced by Admins to affect Admins | Cross-site Scripting (XSS) - Stored | hariharan-s | 0 days 2 hours | 197 days 10 hours | Resolved |
| Critical | Leaked artifactory_key, artifactory_api_key, and gcloud refresh_token via GitHub. | None supplied | rubyroobs | 0 days 0 hours | 5 days 8 hours | Resolved |
| Critical | Leaked artifactory_api_key via GitHub. | None supplied | rubyroobs | 0 days 2 hours | 4 days 15 hours | Resolved |
| High | Blind XSS via Suspended Ticket Recovery | Cross-site Scripting (XSS) - Reflected | trimatra-sec | 0 days 12 hours | 44 days 22 hours | Resolved |
| Medium | Admin Macro Description Stored XSS | Cross-site Scripting (XSS) - Stored | hariharan-s | 6 days 22 hours | 8 days 1 hour | Resolved |
| High | Stored Cross Site Scripting on Zendesk agent dashboard | Cross-site Scripting (XSS) - Stored | apfeifer27 | Issue was not triaged | 9 days 1 hour | Resolved |
| Medium | dom based xss in `*.zendesk.com/external/zenbox/` | Cross-site Scripting (XSS) - DOM | sergeym | Issue was not triaged | 7 days 6 hours | Resolved |
| High | Secret API Key Leakage via Query String | Information Disclosure | luckydivino | 29 days 7 hours | 40 days 22 hours | Resolved |
| Low | XSS with needed user intervention | Cross-site Scripting (XSS) - Generic | irotem2 | 8 days 6 hours | 19 days 6 hours | Resolved |
| No rating | Race Condition in Article "Helpful" Indicator | None supplied | cablej | 6 days 23 hours | 622 days 4 hours | Resolved |
| Medium | Unvalidated / Open Redirect | Open Redirect | boniao_norwin | 2 days 11 hours | 131 days 23 hours | Resolved |
| No rating | Stored XSS in Draft Articles. | Cross-site Scripting (XSS) - Generic | harry_mg | 2 days 12 hours | 161 days 15 hours | Resolved |
| No rating | open redirect in `<your_zendesk>.zendesk.com` | Open Redirect | zombiehelp54 | 164 days 1 hour | 21 days 5 hours | Resolved |
| No rating | Remote code execution as root on [REDACTED] | Code Injection | agarri_fr | 0 days 20 hours | 124 days 1 hour | Resolved |
| No rating | SSRF issue in "URL target" allows [REDACTED] | Information Disclosure | agarri_fr | 0 days 23 hours | 117 days 22 hours | Resolved |
| Critical | Twitter SSO allows unverified e-mail registration, leads to Slack and social media hijacks | Improper Authentication - Generic | intidc | 20 days 17 hours | 91 days 5 hours | Resolved |
| Medium | express config leaking stacktrace | Information Disclosure | prbln | 3 days 18 hours | 23 days 10 hours | Resolved |
| No rating | Error stack trace enabled | Information Disclosure | 4lemon | 1 day 4 hours | 63 days 19 hours | Resolved |
| High | a stored xss in web widget chat | Cross-site Scripting (XSS) - Generic | boniao_norwin | 8 days 10 hours | 6 days 15 hours | Resolved |
| Medium | Android SDK - CREATE_REQUEST broadcast is unprotected | Information Disclosure | bagipro | 34 days 6 hours | 69 days 22 hours | Resolved |
| No rating | Missing function level access controls allowing attacker to abuse file access controls. Multiple vulnerabilities | Privilege Escalation | abhijeth | Issue was not triaged | 22 days 21 hours | Informative |
| No rating | XSS in zendesk.com/product/ | Cross-site Scripting (XSS) - Generic | virtualhunter | 0 days 2 hours | 24 days 21 hours | Resolved |
| No rating | AWS S3 bucket writable for authenticated aws user | Improper Authentication - Generic | dpgribkov | 3 days 4 hours | 100 days 1 hour | Resolved |
| Medium | Full Sub Domain Takeover at wx.zopim.net | None supplied | punkrock | Issue was not triaged | 7 days 1 hour | Resolved |
| No rating | [status.zopim.com] Open Redirect | Open Redirect | bobrov | 0 days 6 hours | 0 days 13 hours | Resolved |