Details
-
Suggestion
-
Resolution: Unresolved
-
1
-
Description
Issue Summary
An issue has been identified with the Customer Satisfaction survey link that is shared after the closure of a request. Specifically, when a request is marked as closed and a user submits ratings/feedback on that request, another user with access to the same link can also submit ratings on the issue.
Steps to Reproduce
- Create an issue in a project where CSAT is enabled.
- Close the issue and trigger the CSAT email.
- Select the rating and submit it.
- Use the same link in incognito mode and observe that you are able to update the ratings.
Expected Results
- The system should restrict access for any user other than the reporter or recipient who received the link from submitting ratings.
- Once ratings have been submitted, further submissions should be disallowed.
Actual Results
Currently, if someone gains access to the survey link, they are able to successfully submit ratings on the ticket even though it should only allow submissions by authorized users such as reporters or recipients of the link.
Workaround
Currently there is no known workaround for this behavior. A workaround will be added here when available
Attachments
Issue Links
- relates to
-
JSDCLOUD-4056 Expire Satisfaction Feedback Token
- Gathering Interest
- has action
-
REQIN-502 Loading...
- mentioned in
-
Page Loading...