CSRF on developer.zendesk.com via Cache Deception
Medium
Zendesk
Team Summary
Official summary from Zendesk
October 2018 - It was found that, under certain circumstances, when arbitrary files were requested, the response would be cached, leading to leakage of a CSRF token. The scope of this was limited to developer.zendesk.com. We appreciate the great submission and work from @imran1121!
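A defender-side check for the condition the summary describes, added here as an example and not taken from Zendesk or the reporter: it flags a response where a static-looking path returned HTML and where a page carrying a CSRF token may be stored by a shared cache. The extension list, token field names, paths and sample responses are assumptions constructed for illustration.

```python
import posixpath
import re
from urllib.parse import urlsplit

# Assumption: extensions a cache or CDN is configured to store by default.
STATIC_EXT = {".css", ".js", ".png", ".jpg", ".gif", ".ico", ".svg", ".woff2"}
# Assumption: hypothetical field names under which the application embeds its token.
TOKEN_RE = re.compile(r'name=["\'](?:csrf-token|csrf_token|authenticity_token)["\']', re.I)
# Directives that keep a response out of shared caches.
SAFE_DIRECTIVES = {"no-store", "private"}


def cache_deception_findings(url_path, headers, body):
    """Return the reasons a response could expose a CSRF token through a shared cache."""
    h = {k.lower(): v for k, v in headers.items()}
    ext = posixpath.splitext(urlsplit(url_path).path)[1].lower()
    ctype = h.get("content-type", "").split(";")[0].strip().lower()
    directives = {d.strip().lower().split("=")[0]
                  for d in h.get("cache-control", "").split(",")}
    findings = []
    # The origin ignored the arbitrary file name and rendered a dynamic page.
    if ext in STATIC_EXT and ctype == "text/html":
        findings.append("static-looking path returned text/html")
    # A per-user token sits in a body that nothing forbids a shared cache to keep.
    if TOKEN_RE.search(body) and not (directives & SAFE_DIRECTIVES):
        findings.append("CSRF token in a response a shared cache may store")
    return findings


# Constructed sample responses (not captured from any real site).
TOKEN_PAGE = '<html><head><meta name="csrf-token" content="CONSTRUCTED"></head></html>'
AT_RISK = ("/account/settings/x.css",
           {"Content-Type": "text/html; charset=utf-8",
            "Cache-Control": "public, max-age=3600"}, TOKEN_PAGE)
HARDENED = ("/account/settings/x.css",
            {"Content-Type": "text/html; charset=utf-8",
             "Cache-Control": "private, no-store"}, TOKEN_PAGE)
REAL_ASSET = ("/assets/site.css",
              {"Content-Type": "text/css",
               "Cache-Control": "public, max-age=3600"}, "body{margin:0}")

if __name__ == "__main__":
    for name, sample in (("at risk", AT_RISK), ("hardened", HARDENED),
                         ("real asset", REAL_ASSET)):
        print(name, cache_deception_findings(*sample))
```

The hardened sample still reports the content-type mismatch, which is the signal that the origin should return 404 for file names it does not serve.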
Reported by
imran0x01
Report Details
Additional information and metadata
State
Closed
Substate
Resolved