PT-2021-18759 · Zendesk · Zendesk

Published

2021-04-29

Updated

2021-04-29

CVE-2021-30492

None

No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.

Name of the Vulnerable Software and Affected Versions Zendesk library (affected versions not specified)

Description The issue is related to a lack of input validation of the Zendesk subdomain, which could expose users of the library to Server Side Request Forgery (SSRF).

Recommendations Validate the provided Zendesk subdomain to be a valid subdomain in the getAuthUrl and getAccessToken functions.

SSRF

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-918CWE-20

Related Identifiers

CVE-2021-30492

GHSA-Q348-F93X-9GX4

Affected Products

Zendesk

PT-2021-18759 · Zendesk · Zendesk

CVE-2021-30492

Weakness Enumeration

Related Identifiers

Affected Products

References · 4