zendesk/zendesk_api_client_php is vulnerable to server-side request forgery (SSRF). The vulnerability exists because the functions getAuthUrl and getAccessToken do not validate that the provided Zendesk subdomain is a valid subdomain, allowing an attacker to send arbitrary HTTP requests on behalf of the server.
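
The kind of check whose absence is described above, as an added example that is not code from zendesk_api_client_php: the subdomain is accepted only if it is a single DNS label, and the resulting host is re-parsed before use. The function names, the sample inputs and the assumption that the host is built as "<subdomain>.zendesk.com" are illustrative.

```php
<?php
declare(strict_types=1);

// Added example; hypothetical helpers, not the library's API.
// Assumption: the OAuth host is built as "<subdomain>.zendesk.com".

/** Return the lower-cased subdomain if it is a single DNS label, otherwise throw. */
function assertValidSubdomain(string $subdomain): string
{
    // One label: 1-63 chars of letters, digits or hyphen, no leading/trailing hyphen.
    // \A and \z anchor the whole string, so a trailing newline is rejected as well.
    if (preg_match('/\A[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\z/i', $subdomain) !== 1) {
        throw new InvalidArgumentException('Invalid Zendesk subdomain');
    }
    return strtolower($subdomain);
}

/** Build the base URL only from a validated label, then confirm the parsed host. */
function buildOAuthBaseUrl(string $subdomain): string
{
    $label = assertValidSubdomain($subdomain);
    $url   = 'https://' . $label . '.zendesk.com';

    // Defence in depth: the host the URL parser sees must be exactly the intended one.
    $host = parse_url($url, PHP_URL_HOST);
    if ($host !== $label . '.zendesk.com') {
        throw new InvalidArgumentException('Unexpected host in OAuth URL');
    }
    return $url;
}

// Constructed sample inputs: two valid labels, then values that are not a single label.
$samples = ['acme', 'Acme-Support', 'acme.example.org/', 'acme#', 'user@acme', "acme\n", ''];

foreach ($samples as $sample) {
    try {
        printf("%-22s -> %s\n", json_encode($sample), buildOAuthBaseUrl($sample));
    } catch (InvalidArgumentException $e) {
        printf("%-22s -> rejected (%s)\n", json_encode($sample), $e->getMessage());
    }
}
```

Only the first two samples produce a URL; every value containing a dot, slash, "#", "@", newline or nothing at all is rejected before any request is built.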