Researchers discovered two different vulnerabilities riddling Zendesk Explore security. Exploiting the flaws could allow an adversary to leak customer data. The vendors patched the flaws before a malicious exploit, thus protecting the users.
Zendesk Explore Vulnerabilities
According to a recent post from Varonis Threat Labs, their researchers found multiple security vulnerabilities in Zendesk Explore.
Specifically, Explore is a dedicated reporting and analytics service from Zendesk, facilitating customer services. Since the service directly deals with customer support, any vulnerabilities could directly impact customers’ data. That’s what the researchers have stated in their report while describing the impact of possible exploit.
The flaw would have allowed threat actors to access conversations, email addresses, tickets, comments, and other information from Zendesk accounts with Explore enabled.
As explained, the first of these security flaws in Zendesk Explore includes an SQL injection. Exploiting this vulnerability allowed Varonis researchers to extract the list of tables from the platform’s RDS instance and exfiltrate other data from the database.
Then the second issue they reported was a logical access flaw. Due to the lack of logical checks on requests at the execute-query API, the flaw allowed the researchers to modify the documents exposing the ‘inner workings of the system.’
Moreover, the researchers noticed a failure to evaluate if the “query,” “datasources,” and “cubeModels” IDs belonged to the current user. Whereas another, more severe impact of this flaw allowed data exfiltration. As stated,
The API endpoint did not verify that the caller had permission to access the database and execute queries. This meant that a newly created end-user could invoke this API, change the query, and steal data from any table in the target Zendesk account’s RDS, no SQLi required.
Exploiting these vulnerabilities merely required an adversary to register with the ticketing system of the target Zendesk account. While Zendesk Explore isn’t enabled automatically, new user registration is enabled by default, risking the systems with Explore enabled.
Patches Deployed
Following this discovery, Varonis researchers contacted Zendesk officials and reported the bugs. In response, Zendesk quickly patched the vulnerabilities, preventing any security risks associated with potential exploits.
The researchers confirm the patches, assuring customers not to worry about any actions required.
Let us know your thoughts in the comments.