Unauthorized Ticket can be created by an Attacker in user's Helpdesk account
Vulnerability Details
Hey Team!
I was able to create a ticket in any user's Support.hackerone.com account without authorization, and could write whatever I wanted in that ticket. Normally, in order to get help, users are required to log in and create a ticket. However, due to this flaw, I could create tickets on behalf of any user without their permission or knowledge.
### Steps To Reproduce
1. Go to https://emkei.cz/ and enter the victim's email as the sender, and [email protected] as the receiver. Fill out the other necessary details.
2. Solve the captcha and send the email.
3. Check your helpdesk account at support.hackerone.com and you will see a new ticket.
### Optional: Supporting Material/References (Screenshots)
https://medium.com/@khaled.hassan/hacking-thousands-of-companies-through-their-helpdesk-8f180a8595ef
PoC:
████
## Impact
An unauthorized user can create tickets in any user's help desk account!
Report Stats
- Report ID: 2079502
- State: Closed
- Substate: resolved
- Upvotes: 15
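
A defender-side check for the spoofed-sender path in the steps above, as an added example that is not part of the original report or of HackerOne's code: an inbound-mail handler attributes a ticket to an account only when its own MTA recorded `dmarc=pass` for the From domain. The authserv-id, addresses and sample messages are constructed, and the sketch assumes the border MTA strips forged `Authentication-Results` headers that carry its own id.

```python
import re
from email import message_from_bytes, policy
from email.utils import parseaddr

# Assumption: authserv-id stamped by our own inbound MTA (hypothetical name).
TRUSTED_AUTHSERV = "mx.helpdesk.example"


def authenticated_sender(raw, authserv=TRUSTED_AUTHSERV):
    """Return the From address only if our MTA recorded dmarc=pass for its domain.

    Returns None when the sender cannot be trusted, so the caller can file the
    message as an unverified request instead of attaching it to an account.
    """
    msg = message_from_bytes(raw, policy=policy.default)
    froms = msg.get_all("From", [])
    if len(froms) != 1:  # missing or duplicated From header: never attribute
        return None
    addr = parseaddr(str(froms[0]))[1].lower()
    if addr.count("@") != 1:
        return None
    from_domain = addr.split("@")[1]

    for header in msg.get_all("Authentication-Results", []):
        parts = [p.strip() for p in str(header).split(";")]
        # Ignore results written by any server other than our own MTA.
        if parts[0].lower().split()[:1] != [authserv]:
            continue
        for result in parts[1:]:
            verdict = re.match(r"dmarc=(\w+)", result, re.I)
            aligned = re.search(r"header\.from=([^\s;]+)", result, re.I)
            if (verdict and aligned
                    and verdict.group(1).lower() == "pass"
                    and aligned.group(1).lower() == from_domain):
                return addr
    return None


def sample(authres):
    """Build a constructed test message with the given Authentication-Results."""
    return (f"Authentication-Results: {authres}\r\n"
            "From: Victim <victim@customer.example>\r\n"
            "To: support@helpdesk.example\r\nSubject: help\r\n\r\nbody\r\n").encode()


# Constructed samples: spoofed sender, genuine sender, attacker-supplied header.
SPOOFED = sample("mx.helpdesk.example; spf=fail smtp.mailfrom=relay.invalid; "
                 "dkim=none; dmarc=fail header.from=customer.example")
GENUINE = sample("mx.helpdesk.example; spf=pass smtp.mailfrom=customer.example; "
                 "dmarc=pass header.from=customer.example")
FORGED_AR = sample("mx.other.invalid; dmarc=pass header.from=customer.example")
```
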