Security vulnerabilities

  • Status: Closed
  • Assigned To: nferrari
  • Private
Attached to Project: Security vulnerabilities
Opened by monty099 - 21.10.2025
Last edited by nferrari - 21.10.2025

FS#232 - Title: User IP Address Disclosure in Support Tickets in [admin.alwaysdata.com]

Description:
While testing the ticket feature in the support system, I noticed that the sender’s IP address is visible to all users participating in the same ticket. This behavior leads to an unjustified exposure of sensitive information and constitutes a violation of user privacy, as the IP address can reveal the user’s approximate location and service provider.

Steps to Reproduce:

1. Create a new support ticket.

2. Add another user to the same ticket.

3. Send a message from user account (A).

4. Observe that the IP address of user A appears next to the message and can be seen by the other user.

POC:
https://admin.alwaysdata.com/support/89988/

Impact:
Any participant in the ticket can view the IP address of other users.
This is a clear violation of user privacy and conflicts with data protection policies and laws.

Recommendation:
Hide the IP address from regular users and make it visible only to support staff or administrators.

Closed by nferrari
21.10.2025 13:33
Reason for closing: Fixed
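
The recommendation in the report, sketched as an added example that is not part of the original report and is not alwaysdata's code: a server-side, role-aware message serializer next to the behaviour the report describes, plus a regression check that renders the thread for every participant and flags any IP reaching a non-staff viewer. The `User` and `Message` types, the field names and the sample thread (RFC 5737 documentation addresses) are constructed assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class User:
    name: str
    is_staff: bool = False

@dataclass(frozen=True)
class Message:
    author: User
    body: str
    sender_ip: str  # recorded server-side, e.g. for abuse handling

def render_message_vulnerable(msg, viewer):
    """Behaviour described in the report: every participant gets the IP."""
    return {"author": msg.author.name, "body": msg.body,
            "sender_ip": msg.sender_ip}

def render_message(msg, viewer):
    """Hardened: the IP is only added to the response for staff viewers.
    Filtering happens server-side, so a regular user never receives it."""
    out = {"author": msg.author.name, "body": msg.body}
    if viewer.is_staff:
        out["sender_ip"] = msg.sender_ip
    return out

def leaked_ips(render, messages, participants):
    """Regression check: (viewer, author, ip) for each message where a
    non-staff viewer receives another user's IP in any rendered field."""
    leaks = []
    for viewer in participants:
        if viewer.is_staff:
            continue
        for msg in messages:
            if msg.author == viewer:
                continue
            rendered = render(msg, viewer)
            # Scan every value, so an IP leaking under another key is caught too.
            if any(msg.sender_ip in str(v) for v in rendered.values()):
                leaks.append((viewer.name, msg.author.name, msg.sender_ip))
    return leaks

# Constructed sample thread: two regular users and one staff member.
USER_A, USER_B = User("user_a"), User("user_b")
STAFF = User("support", is_staff=True)
PARTICIPANTS = [USER_A, USER_B, STAFF]
MESSAGES = [Message(USER_A, "My site is down", "192.0.2.10"),
            Message(USER_B, "Same problem here", "198.51.100.7")]
```

Running `leaked_ips` against each renderer with `MESSAGES` and `PARTICIPANTS` reports two leaks for the vulnerable form and none for the hardened one, which makes it usable as a regression test for the fix.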
Admin

Hi,

Thank you for your report. We will prepare an update and come back to you on your support ticket.

Regards,
