Exposed media uploads
under review
A
Andrew Roper
The media upload of files is publicly available. Even though the link is not necessarily easy to guess, the data is still publicly available and presents a flaw on data protection. Enabling HIPAA compliance does not make any difference, the media items have no request for authentication when visiting a link to the uploaded file. All form fields should be treated as sensitive data, including file uploads. This is a security risk for anyone using the file upload form field to collect personal data in some way.
C
Chris Forsey
YES PLEASE... We have a lot of accountants that want to use GHL to collect documents but are unable to do so because of this problem (documents publicly visible to those with the link). Hoping for a solution soon. Thanks!
S
Sales & Marketing
under review
B
Bethan Perel
Sales & Marketing: Excellent! Thanks very much for your attention on this security weakness.
F
Farhad Irani
Sales & Marketing Any updates on the review? This is definitely an important one.
A
Ammon Allen
Yes, We need our uploaded documents to be protected as well!!!