Happy Business Starts Here


Data Query Access and Security Deficiencies

We have discovered that the new Data Query function has significant and highly concerning security deficiencies.


  • Any user, even those with read only access, are able to access and run Data Queries if they simply go directly to the URL
  • Any user is able to export other user's data queries
  • We are not able to see who created a data query

Zuora should alert it's entire community to these deficiencies as well as resolve these with immediate criticality.