Re: SaaS Marketing platform Hubspot export vulnerability
- To: bugtraq@xxxxxxxxxxxxxxxxx
- Subject: Re: SaaS Marketing platform Hubspot export vulnerability
- From: security@xxxxxxxxxxx
- Date: Thu, 28 Aug 2014 16:17:52 GMT
We at HubSpot take the concerns of the security community seriously, and
continuously work to improve our posture in this ever-changing field. We do
have predefined roles in the application which allow our customers to segment
users' permissions based on their role. These horizontal permissions are quite
common among SaaS vendors.

The export functionality mentioned does have existing auditing capability in
the back end. For exports, we have full audit trails for the timestamp, link to
the file, customer id, and user id for all requests. We have never exposed this
audit data to our customers through the UI because there has never been a high
demand for this functionality. This issue is now in queue with our Engineering
team and we will be releasing it shortly.