We have discovered that the new Data Query function has significant and highly concerning security deficiencies.
- Any user, even those with read only access, are able to access and run Data Queries if they simply go directly to the URL
- Any user is able to export other user's data queries
- We are not able to see who created a data query
Zuora should alert it's entire community to these deficiencies as well as resolve these with immediate criticality.
