Cybersecurity researchers have disclosed details of now-patched flaws in Zendesk Explore that could have been exploited by an attacker to gain unauthorized access to information from customer accounts that have the feature turned on.
“Before it was patched, the flaw would have allowed threat actors to access conversations, email addresses, tickets, comments, and other information from Zendesk accounts with Explore enabled,” Varonis said in a report shared with The Hacker News.
The cybersecurity firm said there was no evidence to suggest that the issues were actively exploited in real-world attacks. No action is required on the part of the customers.
Zendesk Explore is a reporting and analytics solution that allows organizations to “view and analyse key information about your customers, and your support resources.”
images from Hacker News