Happy Business Starts Here

Data Query Access and Security Deficiencies

Highlighted
Honor Student

Data Query Access and Security Deficiencies

We have discovered that the new Data Query function has significant and highly concerning security deficiencies.

 

  • Any user, even those with read only access, are able to access and run Data Queries if they simply go directly to the URL
  • Any user is able to export other user's data queries
  • We are not able to see who created a data query

Zuora should alert it's entire community to these deficiencies as well as resolve these with immediate criticality.