Vulnerabilites related to zulip - zulip_server
Vulnerability from fkie_nvd
Published
2019-09-18 12:15
Modified
2024-11-21 04:30
Severity ?
Summary
Zulip server before 2.0.5 incompletely validated the MIME types of uploaded files. A user who is logged into the server could upload files of certain types to mount a stored cross-site scripting attack on other logged-in users. On a Zulip server using the default local uploads backend, the attack is only effective against browsers lacking support for Content-Security-Policy such as Internet Explorer 11. On a Zulip server using the S3 uploads backend, the attack is confined to the origin of the configured S3 uploads hostname and cannot reach the Zulip server itself.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zulip | zulip_server | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zulip:zulip_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "99AA5469-A827-4562-9BF6-E7A1928EFF96",
"versionEndExcluding": "2.0.5",
"versionStartIncluding": "1.8.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Zulip server before 2.0.5 incompletely validated the MIME types of uploaded files. A user who is logged into the server could upload files of certain types to mount a stored cross-site scripting attack on other logged-in users. On a Zulip server using the default local uploads backend, the attack is only effective against browsers lacking support for Content-Security-Policy such as Internet Explorer 11. On a Zulip server using the S3 uploads backend, the attack is confined to the origin of the configured S3 uploads hostname and cannot reach the Zulip server itself."
},
{
"lang": "es",
"value": "El servidor Zulip versiones anteriores a 2.0.5, valid\u00f3 de manera incompleta los tipos MIME de archivos cargados. Un usuario que haya iniciado sesi\u00f3n en el servidor podr\u00eda cargar archivos de ciertos tipos para montar un ataque de tipo cross-site scripting almacenado sobre otros usuarios registrados. En un servidor Zulip que usa el backend de carga local predeterminado, el ataque solo es efectivo contra los navegadores que carecen de soporte para Content-Security-Policy como Internet Explorer versi\u00f3n 11. En un servidor Zulip usando el backend de carga S3, el ataque es confinado en el origen del hostname de carga S3 configurado y no puede alcanzar al servidor Zulip en s\u00ed."
}
],
"id": "CVE-2019-16216",
"lastModified": "2024-11-21T04:30:17.553",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-09-18T12:15:10.990",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://blog.zulip.org/2019/09/11/zulip-server-2-0-5-security-release/"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/zulip/zulip/commit/1195841dfb9aa26b3b0dabc6f05d72e4af25be3e"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://blog.zulip.org/2019/09/11/zulip-server-2-0-5-security-release/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/zulip/zulip/commit/1195841dfb9aa26b3b0dabc6f05d72e4af25be3e"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-04-18 08:29
Modified
2024-11-21 04:16
Severity ?
Summary
In Zulip Server versions before 1.7.2, there was an XSS issue with user uploads and the (default) LOCAL_UPLOADS_DIR storage backend.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://blog.zulip.org/2018/04/12/zulip-1-7-2-released/ | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://blog.zulip.org/2018/04/12/zulip-1-7-2-released/ | Release Notes, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zulip | zulip_server | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zulip:zulip_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F3DE824A-D5B4-452B-B485-2E3BA7AE14DC",
"versionEndExcluding": "1.7.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In Zulip Server versions before 1.7.2, there was an XSS issue with user uploads and the (default) LOCAL_UPLOADS_DIR storage backend."
},
{
"lang": "es",
"value": "En las versiones anteriores a la 1.7.2 de Zulip Server, hab\u00eda un problema de Cross-Site Scripting (XSS) con las subidas de usuarios y el backend de almacenamiento (por defecto) LOCAL_UPLOADS_DIR."
}
],
"id": "CVE-2018-9999",
"lastModified": "2024-11-21T04:16:00.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-04-18T08:29:00.890",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://blog.zulip.org/2018/04/12/zulip-1-7-2-released/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://blog.zulip.org/2018/04/12/zulip-1-7-2-released/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-08-21 05:15
Modified
2024-11-21 05:00
Severity ?
Summary
Zulip Server before 2.1.5 allows reflected XSS via the Dropbox webhook.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://blog.zulip.com/2020/06/17/zulip-server-2-1-5-security-release/ | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://blog.zulip.com/2020/06/17/zulip-server-2-1-5-security-release/ | Release Notes, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zulip | zulip_server | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zulip:zulip_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F2C8A42E-F77C-454C-9641-3CB81F635FAC",
"versionEndExcluding": "2.1.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Zulip Server before 2.1.5 allows reflected XSS via the Dropbox webhook."
},
{
"lang": "es",
"value": "Zulip Server versiones anteriores a 2.1.5, permite un ataque de tipo XSS reflejado por medio de un webhook de Dropbox."
}
],
"id": "CVE-2020-12759",
"lastModified": "2024-11-21T05:00:13.510",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-08-21T05:15:11.483",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://blog.zulip.com/2020/06/17/zulip-server-2-1-5-security-release/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://blog.zulip.com/2020/06/17/zulip-server-2-1-5-security-release/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-04-20 20:15
Modified
2024-11-21 05:40
Severity ?
Summary
Zulip Server before 2.1.3 allows reverse tabnabbing via the Markdown functionality.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zulip | zulip_server | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zulip:zulip_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6C9B157D-1C22-421C-BB04-A4FE3B69AD70",
"versionEndIncluding": "2.1.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Zulip Server before 2.1.3 allows reverse tabnabbing via the Markdown functionality."
},
{
"lang": "es",
"value": "El servidor Zulip versiones anteriores a 2.1.3, permite un tabnabbing inverso por medio de la funcionalidad Markdown."
}
],
"id": "CVE-2020-9444",
"lastModified": "2024-11-21T05:40:39.347",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-04-20T20:15:11.933",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://blog.zulip.org/2020/04/01/zulip-server-2-1-3-security-release/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://blog.zulip.org/2020/04/01/zulip-server-2-1-3-security-release/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-1021"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-07-12 21:15
Modified
2024-11-21 07:03
Severity ?
4.9 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
4.9 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
4.9 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Summary
Zulip is an open-source team collaboration tool. Zulip Server versions 2.1.0 above have a user interface tool, accessible only to server owners and server administrators, which provides a way to download a "public data" export. While this export is only accessible to administrators, in many configurations server administrators are not expected to have access to private messages and private streams. However, the "public data" export which administrators could generate contained the attachment contents for all attachments, even those from private messages and streams. Zulip Server version 5.4 contains a patch for this issue.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| security-advisories@github.com | https://blog.zulip.com/2022/07/12/zulip-cloud-data-exports | Vendor Advisory | |
| security-advisories@github.com | https://blog.zulip.com/2022/07/12/zulip-server-5-4-security-release | Release Notes, Vendor Advisory | |
| security-advisories@github.com | https://github.com/zulip/zulip/security/advisories/GHSA-58pm-88xp-7x9m | Release Notes, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://blog.zulip.com/2022/07/12/zulip-cloud-data-exports | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://blog.zulip.com/2022/07/12/zulip-server-5-4-security-release | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/zulip/zulip/security/advisories/GHSA-58pm-88xp-7x9m | Release Notes, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zulip | zulip_server | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zulip:zulip_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F984B259-B8F4-4FE0-A277-62927E1B67BB",
"versionEndExcluding": "5.4",
"versionStartIncluding": "2.1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Zulip is an open-source team collaboration tool. Zulip Server versions 2.1.0 above have a user interface tool, accessible only to server owners and server administrators, which provides a way to download a \"public data\" export. While this export is only accessible to administrators, in many configurations server administrators are not expected to have access to private messages and private streams. However, the \"public data\" export which administrators could generate contained the attachment contents for all attachments, even those from private messages and streams. Zulip Server version 5.4 contains a patch for this issue."
},
{
"lang": "es",
"value": "Zulip es una herramienta de colaboraci\u00f3n en equipo de c\u00f3digo abierto. Zulip Server versiones 2.1.0, presentan una herramienta de interfaz de usuario, accesible s\u00f3lo para los propietarios y administradores del servidor, que proporciona una forma de descargar una exportaci\u00f3n de \"datos p\u00fablicos\". Aunque esta exportaci\u00f3n s\u00f3lo es accesible para administradores, en muchas configuraciones no es esperado que los administradores del servidor tengan acceso a los mensajes privados y a los flujos privados. Sin embargo, la exportaci\u00f3n de \"datos p\u00fablicos\" que los administradores pod\u00edan generar conten\u00eda el contenido de todos los archivos adjuntos, incluso los de los mensajes y flujos privados. Zulip Server versi\u00f3n 5.4 contiene un parche para este problema"
}
],
"id": "CVE-2022-31134",
"lastModified": "2024-11-21T07:03:58.150",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 3.6,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-07-12T21:15:09.910",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
],
"url": "https://blog.zulip.com/2022/07/12/zulip-cloud-data-exports"
},
{
"source": "security-advisories@github.com",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://blog.zulip.com/2022/07/12/zulip-server-5-4-security-release"
},
{
"source": "security-advisories@github.com",
"tags": [
"Release Notes",
"Third Party Advisory"
],
"url": "https://github.com/zulip/zulip/security/advisories/GHSA-58pm-88xp-7x9m"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://blog.zulip.com/2022/07/12/zulip-cloud-data-exports"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://blog.zulip.com/2022/07/12/zulip-server-5-4-security-release"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Third Party Advisory"
],
"url": "https://github.com/zulip/zulip/security/advisories/GHSA-58pm-88xp-7x9m"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-434"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-03-28 02:59
Modified
2025-04-20 01:37
Severity ?
Summary
An error in the implementation of an autosubscribe feature in the check_stream_exists route of the Zulip group chat application server before 1.4.3 allowed an authenticated user to subscribe to a private stream that should have required an invitation from an existing member to join. The issue affects all previously released versions of the Zulip server.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| support@hackerone.com | http://www.securityfocus.com/bid/97159 | Third Party Advisory, Vendor Advisory | |
| support@hackerone.com | https://github.com/zulip/zulip/commit/7ecda1ac8e26d8fb3725e954b2dc4723dda2255f | Patch, Third Party Advisory | |
| support@hackerone.com | https://groups.google.com/d/msg/zulip-announce/VyawgRuoY34/NTBwnTArGwAJ | Patch, Release Notes, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/97159 | Third Party Advisory, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/zulip/zulip/commit/7ecda1ac8e26d8fb3725e954b2dc4723dda2255f | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://groups.google.com/d/msg/zulip-announce/VyawgRuoY34/NTBwnTArGwAJ | Patch, Release Notes, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zulip | zulip_server | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zulip:zulip_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C798D82E-5E3A-4784-9D67-3977B15FE8D5",
"versionEndExcluding": "1.4.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An error in the implementation of an autosubscribe feature in the check_stream_exists route of the Zulip group chat application server before 1.4.3 allowed an authenticated user to subscribe to a private stream that should have required an invitation from an existing member to join. The issue affects all previously released versions of the Zulip server."
},
{
"lang": "es",
"value": "Un error en la implementaci\u00f3n de una funci\u00f3n de suscripci\u00f3n autom\u00e1tica en la ruta check_stream_exists del servidor de aplicaciones de chat en grupo Zulip en versiones anteriores a 1.4.3 permiti\u00f3 a un usuario autenticado suscribirse a un flujo privado que deber\u00eda haber requerido una invitaci\u00f3n de un miembro existente para unirse. El problema afecta a todas las versiones liberadas anteriormente del servidor Zulip."
}
],
"id": "CVE-2017-0881",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-03-28T02:59:01.463",
"references": [
{
"source": "support@hackerone.com",
"tags": [
"Third Party Advisory",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/97159"
},
{
"source": "support@hackerone.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/zulip/zulip/commit/7ecda1ac8e26d8fb3725e954b2dc4723dda2255f"
},
{
"source": "support@hackerone.com",
"tags": [
"Patch",
"Release Notes",
"Third Party Advisory"
],
"url": "https://groups.google.com/d/msg/zulip-announce/VyawgRuoY34/NTBwnTArGwAJ"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/97159"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/zulip/zulip/commit/7ecda1ac8e26d8fb3725e954b2dc4723dda2255f"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Release Notes",
"Third Party Advisory"
],
"url": "https://groups.google.com/d/msg/zulip-announce/VyawgRuoY34/NTBwnTArGwAJ"
}
],
"sourceIdentifier": "support@hackerone.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "support@hackerone.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-863"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-09-18 12:15
Modified
2024-11-21 04:30
Severity ?
Summary
The Markdown parser in Zulip server before 2.0.5 used a regular expression vulnerable to exponential backtracking. A user who is logged into the server could send a crafted message causing the server to spend an effectively arbitrary amount of CPU time and stall the processing of future messages.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zulip | zulip_server | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zulip:zulip_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DA24B17E-136D-480B-8543-8268171A79B9",
"versionEndExcluding": "2.0.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Markdown parser in Zulip server before 2.0.5 used a regular expression vulnerable to exponential backtracking. A user who is logged into the server could send a crafted message causing the server to spend an effectively arbitrary amount of CPU time and stall the processing of future messages."
},
{
"lang": "es",
"value": "El analizador Markdown en el servidor Zulip versiones anteriores a 2.0.5, us\u00f3 una expresi\u00f3n regular vulnerable al backtracking exponencial. Un usuario que haya iniciado sesi\u00f3n en el servidor podr\u00eda enviar un mensaje dise\u00f1ado causando que el servidor gaste una cantidad de tiempo de CPU efectivamente arbitraria y detenga el procesamiento de mensajes futuros."
}
],
"id": "CVE-2019-16215",
"lastModified": "2024-11-21T04:30:17.403",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-09-18T12:15:10.910",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://blog.zulip.org/2019/09/11/zulip-server-2-0-5-security-release/"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/zulip/zulip/commit/5797f013b3be450c146a4141514bda525f2f1b51"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://blog.zulip.org/2019/09/11/zulip-server-2-0-5-security-release/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/zulip/zulip/commit/5797f013b3be450c146a4141514bda525f2f1b51"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-1333"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-01-25 20:15
Modified
2024-11-21 08:54
Severity ?
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Summary
Zulip is an open-source team collaboration tool. A vulnerability in version 8.0 is similar to CVE-2023-32677, but applies to multi-use invitations, not single-use invitation links as in the prior CVE. Specifically, it applies when the installation has configured non-admins to be able to invite users and create multi-use invitations, and has also configured only admins to be able to invite users to streams. As in CVE-2023-32677, this does not let users invite new users to arbitrary streams, only to streams that the inviter can already see. Version 8.1 fixes this issue. As a workaround, administrators can limit sending of invitations down to users who also have the permission to add users to streams.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zulip | zulip_server | * | |
| zulip | zulip_server | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zulip:zulip_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5D9282FA-F4D4-4667-ADC6-6A3C7C83BB52",
"versionEndExcluding": "6.2",
"versionStartIncluding": "1.9.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zulip:zulip_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "85FB7719-4DA4-4E4A-B229-6827E35EEF32",
"versionEndExcluding": "8.1",
"versionStartIncluding": "8.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Zulip is an open-source team collaboration tool. A vulnerability in version 8.0 is similar to CVE-2023-32677, but applies to multi-use invitations, not single-use invitation links as in the prior CVE. Specifically, it applies when the installation has configured non-admins to be able to invite users and create multi-use invitations, and has also configured only admins to be able to invite users to streams. As in CVE-2023-32677, this does not let users invite new users to arbitrary streams, only to streams that the inviter can already see. Version 8.1 fixes this issue. As a workaround, administrators can limit sending of invitations down to users who also have the permission to add users to streams."
},
{
"lang": "es",
"value": "Zulip es una herramienta de colaboraci\u00f3n en equipo de c\u00f3digo abierto. Una vulnerabilidad en la versi\u00f3n 8.0 es similar a CVE-2023-32677, pero se aplica a invitaciones de usos m\u00faltiples, no a enlaces de invitaci\u00f3n de un solo uso como en el CVE anterior. Espec\u00edficamente, se aplica cuando la instalaci\u00f3n ha configurado no administradores para poder invitar a usuarios y crear invitaciones de usos m\u00faltiples, y tambi\u00e9n ha configurado solo administradores para poder invitar a usuarios a transmisiones. Al igual que en CVE-2023-32677, esto no permite a los usuarios invitar a nuevos usuarios a transmisiones arbitrarias, solo a transmisiones que quien invita ya puede ver. La versi\u00f3n 8.1 soluciona este problema. Como workaround, los administradores pueden limitar el env\u00edo de invitaciones a los usuarios que tambi\u00e9n tienen permiso para agregar usuarios a las transmisiones."
}
],
"id": "CVE-2024-21630",
"lastModified": "2024-11-21T08:54:45.760",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-01-25T20:15:40.423",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Patch"
],
"url": "https://github.com/zulip/zulip/commit/0df7bd71f32f3b772e2646c6ab0d60c9b610addf"
},
{
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
],
"url": "https://github.com/zulip/zulip/security/advisories/GHSA-87p9-wprh-7rm6"
},
{
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
],
"url": "https://github.com/zulip/zulip/security/advisories/GHSA-mrvp-96q6-jpvc"
},
{
"source": "security-advisories@github.com",
"tags": [
"Product"
],
"url": "https://zulip.com/help/configure-who-can-invite-to-streams"
},
{
"source": "security-advisories@github.com",
"tags": [
"Product"
],
"url": "https://zulip.com/help/restrict-account-creation#change-who-can-send-invitations"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://github.com/zulip/zulip/commit/0df7bd71f32f3b772e2646c6ab0d60c9b610addf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://github.com/zulip/zulip/security/advisories/GHSA-87p9-wprh-7rm6"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://github.com/zulip/zulip/security/advisories/GHSA-mrvp-96q6-jpvc"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
],
"url": "https://zulip.com/help/configure-who-can-invite-to-streams"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
],
"url": "https://zulip.com/help/restrict-account-creation#change-who-can-send-invitations"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-862"
}
],
"source": "security-advisories@github.com",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-08-21 05:15
Modified
2024-11-21 05:02
Severity ?
Summary
Zulip Server before 2.1.5 has Incorrect Access Control because 0198_preregistrationuser_invited_as adds the administrator role to invitations.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://blog.zulip.com/2020/06/17/zulip-server-2-1-5-security-release/ | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://blog.zulip.com/2020/06/17/zulip-server-2-1-5-security-release/ | Release Notes, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zulip | zulip_server | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zulip:zulip_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F2C8A42E-F77C-454C-9641-3CB81F635FAC",
"versionEndExcluding": "2.1.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Zulip Server before 2.1.5 has Incorrect Access Control because 0198_preregistrationuser_invited_as adds the administrator role to invitations."
},
{
"lang": "es",
"value": "Zulip Server versiones anteriores a 2.1.5, presenta un Control de Acceso Incorrecto porque la funci\u00f3n 0198_preregistrationuser_invited_as agrega el papel de administrador a las invitaciones."
}
],
"id": "CVE-2020-14215",
"lastModified": "2024-11-21T05:02:53.180",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-08-21T05:15:11.640",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://blog.zulip.com/2020/06/17/zulip-server-2-1-5-security-release/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://blog.zulip.com/2020/06/17/zulip-server-2-1-5-security-release/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-269"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-08-21 05:15
Modified
2024-11-21 05:02
Severity ?
Summary
Zulip Server before 2.1.5 allows reverse tabnapping via a topic header link.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://blog.zulip.com/2020/06/17/zulip-server-2-1-5-security-release/ | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://blog.zulip.com/2020/06/17/zulip-server-2-1-5-security-release/ | Release Notes, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zulip | zulip_server | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zulip:zulip_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F2C8A42E-F77C-454C-9641-3CB81F635FAC",
"versionEndExcluding": "2.1.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Zulip Server before 2.1.5 allows reverse tabnapping via a topic header link."
},
{
"lang": "es",
"value": "Zulip Server versiones anteriores a 2.1.5, permite tabnapping inverso por medio de un enlace de encabezado de tema."
}
],
"id": "CVE-2020-14194",
"lastModified": "2024-11-21T05:02:50.590",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.5,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-08-21T05:15:11.577",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://blog.zulip.com/2020/06/17/zulip-server-2-1-5-security-release/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://blog.zulip.com/2020/06/17/zulip-server-2-1-5-security-release/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-269"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-04-15 00:15
Modified
2024-11-21 06:04
Severity ?
Summary
An issue was discovered in Zulip Server before 3.4. A bug in the implementation of the all_public_streams API feature resulted in guest users being able to receive message traffic to public streams that should have been only accessible to members of the organization.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://blog.zulip.com/2021/04/14/zulip-server-3-4/ | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://blog.zulip.com/2021/04/14/zulip-server-3-4/ | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zulip | zulip_server | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zulip:zulip_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "09622761-7CB9-4FD7-82B0-B80CD94D296D",
"versionEndExcluding": "3.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Zulip Server before 3.4. A bug in the implementation of the all_public_streams API feature resulted in guest users being able to receive message traffic to public streams that should have been only accessible to members of the organization."
},
{
"lang": "es",
"value": "Se detect\u00f3 un problema en Zulip Server versiones anteriores a 3.4.\u0026#xa0;Un bug en la implementaci\u00f3n de la funcionalidad API all_public_streams result\u00f3 en que usuarios invitados pudieran recibir tr\u00e1fico de mensajes a transmisiones p\u00fablicas que solo deber\u00edan haber sido accesibles para los miembros de la organizaci\u00f3n"
}
],
"id": "CVE-2021-30479",
"lastModified": "2024-11-21T06:04:00.430",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-04-15T00:15:13.170",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://blog.zulip.com/2021/04/14/zulip-server-3-4/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://blog.zulip.com/2021/04/14/zulip-server-3-4/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-269"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-12-18 04:15
Modified
2024-11-21 04:35
Severity ?
Summary
The image thumbnailing handler in Zulip Server versions 1.9.0 to before 2.0.8 allowed an open redirect that was visible to logged-in users.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://blog.zulip.org/2019/12/13/zulip-server-2-0-8-security-release/ | Release Notes, Vendor Advisory | |
| cve@mitre.org | https://github.com/zulip/zulip/commit/b7c87a4d82397a5e6ac169b6098bed0b1ae7a583 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://blog.zulip.org/2019/12/13/zulip-server-2-0-8-security-release/ | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/zulip/zulip/commit/b7c87a4d82397a5e6ac169b6098bed0b1ae7a583 | Patch, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zulip | zulip_server | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zulip:zulip_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4E722ED7-3E20-4689-BE75-9608477BB7E2",
"versionEndExcluding": "2.0.8",
"versionStartIncluding": "1.9.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The image thumbnailing handler in Zulip Server versions 1.9.0 to before 2.0.8 allowed an open redirect that was visible to logged-in users."
},
{
"lang": "es",
"value": "El controlador del proceso de im\u00e1genes miniaturas en el servidor Zulip versiones 1.9.0 anteriores a la versi\u00f3n 2.0.8, permiti\u00f3 un redireccionamiento abierto que era visible para usuarios registrados."
}
],
"id": "CVE-2019-19775",
"lastModified": "2024-11-21T04:35:21.890",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-12-18T04:15:15.383",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://blog.zulip.org/2019/12/13/zulip-server-2-0-8-security-release/"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/zulip/zulip/commit/b7c87a4d82397a5e6ac169b6098bed0b1ae7a583"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://blog.zulip.org/2019/12/13/zulip-server-2-0-8-security-release/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/zulip/zulip/commit/b7c87a4d82397a5e6ac169b6098bed0b1ae7a583"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-601"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-11-29 20:15
Modified
2025-04-09 18:54
Severity ?
Summary
Zulip from 8.0 to 8.3 contains a memory leak vulnerability in the handling of popovers.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zulip | zulip_server | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zulip:zulip_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "79C1AA50-573D-4D51-B7C7-C8566004DFEE",
"versionEndIncluding": "8.3",
"versionStartIncluding": "8.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Zulip from 8.0 to 8.3 contains a memory leak vulnerability in the handling of popovers."
},
{
"lang": "es",
"value": "Zulip de 8.0 a 8.3 contiene una vulnerabilidad de p\u00e9rdida de memoria en el manejo de ventanas emergentes."
}
],
"id": "CVE-2024-36612",
"lastModified": "2025-04-09T18:54:42.280",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2024-11-29T20:15:20.340",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://gist.github.com/1047524396/f7ff51d24ebbb29e21dfb70a0c97302b"
},
{
"source": "cve@mitre.org",
"tags": [
"Product"
],
"url": "https://github.com/zulip/zulip/blob/8.3/web/src/click_handlers.js"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "https://github.com/zulip/zulip/commit/0a90a13becbf0338a8fc1ad37946e51c2c25b0a5"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-125"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-04-15 00:15
Modified
2024-11-21 06:04
Severity ?
Summary
An issue was discovered in Zulip Server before 3.4. A bug in the implementation of the can_forge_sender permission (previously is_api_super_user) resulted in users with this permission being able to send messages appearing as if sent by a system bot, including to other organizations hosted by the same Zulip installation.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://blog.zulip.com/2021/04/14/zulip-server-3-4/ | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://blog.zulip.com/2021/04/14/zulip-server-3-4/ | Release Notes, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zulip | zulip_server | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zulip:zulip_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "09622761-7CB9-4FD7-82B0-B80CD94D296D",
"versionEndExcluding": "3.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Zulip Server before 3.4. A bug in the implementation of the can_forge_sender permission (previously is_api_super_user) resulted in users with this permission being able to send messages appearing as if sent by a system bot, including to other organizations hosted by the same Zulip installation."
},
{
"lang": "es",
"value": "Se detect\u00f3 un problema en Zulip Server versiones anteriores a 3.4.\u0026#xa0;Un bug en la implementaci\u00f3n del permiso can_forge_sender (anteriormente es_api_super_user) hizo a unos usuarios con este permiso pudieran enviar mensajes que parec\u00edan enviados por un bot del sistema, inclusive a otras organizaciones alojadas por la misma instalaci\u00f3n de Zulip"
}
],
"id": "CVE-2021-30478",
"lastModified": "2024-11-21T06:04:00.263",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-04-15T00:15:13.107",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://blog.zulip.com/2021/04/14/zulip-server-3-4/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://blog.zulip.com/2021/04/14/zulip-server-3-4/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-269"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-02-07 19:15
Modified
2024-11-21 07:45
Severity ?
4.4 (Medium) - CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N
4.6 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
4.6 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
Summary
Zulip is an open-source team collaboration tool. In versions of zulip prior to commit `2f6c5a8` but after commit `04cf68b` users could upload files with arbitrary `Content-Type` which would be served from the Zulip hostname with `Content-Disposition: inline` and no `Content-Security-Policy` header, allowing them to trick other users into executing arbitrary Javascript in the context of the Zulip application. Among other things, this enables session theft. Only deployments which use the S3 storage (not the local-disk storage) are affected, and only deployments which deployed commit 04cf68b45ebb5c03247a0d6453e35ffc175d55da, which has only been in `main`, not any numbered release. Users affected should upgrade from main again to deploy this fix. Switching from S3 storage to the local-disk storage would nominally mitigate this, but is likely more involved than upgrading to the latest `main` which addresses the issue.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zulip | zulip_server | 2023-01-09 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zulip:zulip_server:2023-01-09:*:*:*:*:*:*:*",
"matchCriteriaId": "31D6A69A-4A00-46FE-B1E4-43C140BF1C24",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Zulip is an open-source team collaboration tool. In versions of zulip prior to commit `2f6c5a8` but after commit `04cf68b` users could upload files with arbitrary `Content-Type` which would be served from the Zulip hostname with `Content-Disposition: inline` and no `Content-Security-Policy` header, allowing them to trick other users into executing arbitrary Javascript in the context of the Zulip application. Among other things, this enables session theft. Only deployments which use the S3 storage (not the local-disk storage) are affected, and only deployments which deployed commit 04cf68b45ebb5c03247a0d6453e35ffc175d55da, which has only been in `main`, not any numbered release. Users affected should upgrade from main again to deploy this fix. Switching from S3 storage to the local-disk storage would nominally mitigate this, but is likely more involved than upgrading to the latest `main` which addresses the issue."
}
],
"id": "CVE-2023-22735",
"lastModified": "2024-11-21T07:45:19.343",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.3,
"impactScore": 2.7,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.1,
"impactScore": 2.5,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-02-07T19:15:09.303",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Product"
],
"url": "https://github.com/zulip/zulip/commit/04cf68b45ebb5c03247a0d6453e35ffc175d55da"
},
{
"source": "security-advisories@github.com",
"tags": [
"Patch"
],
"url": "https://github.com/zulip/zulip/commit/2f6c5a883e106aa82a570d3d1f243993284b70f3"
},
{
"source": "security-advisories@github.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://github.com/zulip/zulip/security/advisories/GHSA-wm83-3764-5wqh"
},
{
"source": "security-advisories@github.com",
"tags": [
"Not Applicable"
],
"url": "https://zulip.readthedocs.io/en/latest/production/upgrade-or-modify.html#upgrading-from-a-git-repository"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
],
"url": "https://github.com/zulip/zulip/commit/04cf68b45ebb5c03247a0d6453e35ffc175d55da"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://github.com/zulip/zulip/commit/2f6c5a883e106aa82a570d3d1f243993284b70f3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://github.com/zulip/zulip/security/advisories/GHSA-wm83-3764-5wqh"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Not Applicable"
],
"url": "https://zulip.readthedocs.io/en/latest/production/upgrade-or-modify.html#upgrading-from-a-git-repository"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-436"
}
],
"source": "security-advisories@github.com",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-11-27 16:29
Modified
2025-04-20 01:37
Severity ?
Summary
In Zulip Server before 1.7.1, on a server with multiple realms, a vulnerability in the invitation system lets an authorized user of one realm on the server create a user account on any other realm.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| support@hackerone.com | http://blog.zulip.org/2017/11/23/zulip-1-7-1-released/ | Vendor Advisory | |
| support@hackerone.com | https://github.com/zulip/zulip/commit/960d736e55cbb9386a68e4ee45f80581fd2a4e32 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://blog.zulip.org/2017/11/23/zulip-1-7-1-released/ | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/zulip/zulip/commit/960d736e55cbb9386a68e4ee45f80581fd2a4e32 | Patch, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zulip | zulip_server | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zulip:zulip_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5DAE3C15-00D9-4490-B4C2-A61BF637A7D5",
"versionEndExcluding": "1.7.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In Zulip Server before 1.7.1, on a server with multiple realms, a vulnerability in the invitation system lets an authorized user of one realm on the server create a user account on any other realm."
},
{
"lang": "es",
"value": "En Zulip Server en versiones anteriores a la 1.7.1, en un servidor con m\u00faltiples dominios, una vulnerabilidad en el sistema de invitaci\u00f3n deja que un usuario autorizado de un dominio del servidor cree un usuario en cualquier otro dominio."
}
],
"id": "CVE-2017-0910",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-11-27T16:29:00.217",
"references": [
{
"source": "support@hackerone.com",
"tags": [
"Vendor Advisory"
],
"url": "http://blog.zulip.org/2017/11/23/zulip-1-7-1-released/"
},
{
"source": "support@hackerone.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/zulip/zulip/commit/960d736e55cbb9386a68e4ee45f80581fd2a4e32"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://blog.zulip.org/2017/11/23/zulip-1-7-1-released/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/zulip/zulip/commit/960d736e55cbb9386a68e4ee45f80581fd2a4e32"
}
],
"sourceIdentifier": "support@hackerone.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-863"
}
],
"source": "support@hackerone.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-287"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-11-21 23:15
Modified
2024-11-21 04:33
Severity ?
Summary
In Zulip Server versions from 1.7.0 to before 2.0.7, a bug in the new user signup process meant that users who registered their account using social authentication (e.g., GitHub or Google SSO) in an organization that also allows password authentication could have their personal API key stolen by an unprivileged attacker, allowing nearly full access to the user's account.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zulip | zulip_server | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zulip:zulip_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2750ED60-DC77-4045-8AC9-1E5E3B35F8BB",
"versionEndExcluding": "2.0.7",
"versionStartIncluding": "1.7.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In Zulip Server versions from 1.7.0 to before 2.0.7, a bug in the new user signup process meant that users who registered their account using social authentication (e.g., GitHub or Google SSO) in an organization that also allows password authentication could have their personal API key stolen by an unprivileged attacker, allowing nearly full access to the user\u0027s account."
},
{
"lang": "es",
"value": "En Zulip Server versiones 1.7.0 anteriores a 2.0.7, un error en el proceso nuevo registro de usuarios, significaba que usuarios que registraron su cuenta mediante autenticaci\u00f3n social (por ejemplo, GitHub o Google SSO) en una organizaci\u00f3n que tambi\u00e9n permite autenticaci\u00f3n de contrase\u00f1a podr\u00edan tener su clave API personal robada por parte de un atacante no privilegiado, permitiendo un acceso casi completo a la cuenta del usuario."
}
],
"id": "CVE-2019-18933",
"lastModified": "2024-11-21T04:33:51.953",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-11-21T23:15:13.687",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://blog.zulip.org/2019/11/21/zulip-2-0-7-security-release/"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "https://github.com/zulip/zulip/commit/0c2cc41d2e40807baa5ee2c72987ebfb64ea2eb6"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://blog.zulip.org/2019/11/21/zulip-2-0-7-security-release/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://github.com/zulip/zulip/commit/0c2cc41d2e40807baa5ee2c72987ebfb64ea2eb6"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-04-20 20:15
Modified
2024-11-21 04:56
Severity ?
Summary
Zulip Server before 2.1.3 allows XSS via a Markdown link, with resultant account takeover.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://blog.zulip.org/2020/04/01/zulip-server-2-1-3-security-release/ | Vendor Advisory | |
| cve@mitre.org | https://www.coresecurity.com/advisories/zulip-account-takeover-stored-xss | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://blog.zulip.org/2020/04/01/zulip-server-2-1-3-security-release/ | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.coresecurity.com/advisories/zulip-account-takeover-stored-xss | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zulip | zulip_server | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zulip:zulip_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8AA1B6AE-43BD-458C-909C-C50FC0974CE2",
"versionEndExcluding": "2.1.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Zulip Server before 2.1.3 allows XSS via a Markdown link, with resultant account takeover."
},
{
"lang": "es",
"value": "El servidor Zulip versiones anteriores a la versi\u00f3n 2.1.3, permite un ataque de tipo XSS por medio de un enlace Markdown, con una toma de control de cuenta resultante."
}
],
"id": "CVE-2020-10935",
"lastModified": "2024-11-21T04:56:24.297",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-04-20T20:15:11.697",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://blog.zulip.org/2020/04/01/zulip-server-2-1-3-security-release/"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.coresecurity.com/advisories/zulip-account-takeover-stored-xss"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://blog.zulip.org/2020/04/01/zulip-server-2-1-3-security-release/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.coresecurity.com/advisories/zulip-account-takeover-stored-xss"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-06-02 17:29
Modified
2025-04-20 01:37
Severity ?
Summary
Zulip Server 1.5.1 and below suffer from an error in the implementation of the invite_by_admins_only setting in the Zulip group chat application server that allowed an authenticated user to invite other users to join a Zulip organization even if the organization was configured to prevent this.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zulip | zulip_server | 1.3.0 | |
| zulip | zulip_server | 1.3.1 | |
| zulip | zulip_server | 1.3.2 | |
| zulip | zulip_server | 1.3.3 | |
| zulip | zulip_server | 1.3.4 | |
| zulip | zulip_server | 1.3.6 | |
| zulip | zulip_server | 1.3.7 | |
| zulip | zulip_server | 1.3.8 | |
| zulip | zulip_server | 1.3.9 | |
| zulip | zulip_server | 1.3.10 | |
| zulip | zulip_server | 1.3.11 | |
| zulip | zulip_server | 1.3.12 | |
| zulip | zulip_server | 1.3.13 | |
| zulip | zulip_server | 1.4.0 | |
| zulip | zulip_server | 1.4.1 | |
| zulip | zulip_server | 1.4.2 | |
| zulip | zulip_server | 1.4.3 | |
| zulip | zulip_server | 1.5.0 | |
| zulip | zulip_server | 1.5.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zulip:zulip_server:1.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "03ECA4CD-B128-45EA-8A19-5F137BD08690",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zulip:zulip_server:1.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0609969D-7C68-4428-A2F3-EA532F6C4045",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zulip:zulip_server:1.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "6141BC81-A452-44F0-9A61-B82772D406FF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zulip:zulip_server:1.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F3662F33-CC19-46AE-902F-2A685030FDE3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zulip:zulip_server:1.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "7A20311C-FC51-4ED5-BCBC-955543FD1AF5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zulip:zulip_server:1.3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "B4CC0654-4F8C-4D1B-B06F-035368E7B120",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zulip:zulip_server:1.3.7:*:*:*:*:*:*:*",
"matchCriteriaId": "13048A35-82DA-45AF-BB3C-AEBD1A80734B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zulip:zulip_server:1.3.8:*:*:*:*:*:*:*",
"matchCriteriaId": "BE689D6F-F774-41AF-B97A-23973E22C9C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zulip:zulip_server:1.3.9:*:*:*:*:*:*:*",
"matchCriteriaId": "7C300421-CBDE-4DC2-A41E-38AFDD498725",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zulip:zulip_server:1.3.10:*:*:*:*:*:*:*",
"matchCriteriaId": "08DE09CC-3869-4686-A36D-F42788FC7118",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zulip:zulip_server:1.3.11:*:*:*:*:*:*:*",
"matchCriteriaId": "8A6AAE8C-F5E6-4A9C-9AF1-0D03EB9A7E97",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zulip:zulip_server:1.3.12:*:*:*:*:*:*:*",
"matchCriteriaId": "612DA887-F6BC-45F8-B187-AE23CF2F1027",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zulip:zulip_server:1.3.13:*:*:*:*:*:*:*",
"matchCriteriaId": "A21AE1B1-5A7E-447A-9301-1AD965F04833",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zulip:zulip_server:1.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "034098C9-DCC3-46CC-9534-811F28F4493D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zulip:zulip_server:1.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EA56546E-7E0A-49EB-967A-7219C907BE50",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zulip:zulip_server:1.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "2CF03C39-6873-4044-96B8-760156D7B1BE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zulip:zulip_server:1.4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "A0167E36-42E4-4DA5-96FB-CFF0EC8FDA38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zulip:zulip_server:1.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3914FE1E-E734-4B4A-8266-25FB5C32800D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zulip:zulip_server:1.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B25BEDD5-B562-4A2E-8284-07A47CB1F6D3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Zulip Server 1.5.1 and below suffer from an error in the implementation of the invite_by_admins_only setting in the Zulip group chat application server that allowed an authenticated user to invite other users to join a Zulip organization even if the organization was configured to prevent this."
},
{
"lang": "es",
"value": "Zulip Server versi\u00f3n 1.5.1 y posteriores, sufre de un error en la implementaci\u00f3n de la configuraci\u00f3n de invite_by_admins_only en el servidor de aplicaciones de chat del grupo Zulip que permiti\u00f3 a un usuario autenticado invitar a otros usuarios a unirse a una organizaci\u00f3n Zulip, incluso si la organizaci\u00f3n fue configurada para evitar esto."
}
],
"id": "CVE-2017-0896",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-06-02T17:29:00.167",
"references": [
{
"source": "support@hackerone.com",
"tags": [
"Issue Tracking",
"Patch"
],
"url": "https://github.com/zulip/zulip/commit/1f48fa27672170bba3b9a97384905bb04c18761b"
},
{
"source": "support@hackerone.com",
"url": "https://groups.google.com/forum/#%21msg/zulip-announce/sUYeJv-fFmg/2TU2TLmNAwAJ"
},
{
"source": "support@hackerone.com",
"tags": [
"Permissions Required"
],
"url": "https://hackerone.com/reports/224210"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch"
],
"url": "https://github.com/zulip/zulip/commit/1f48fa27672170bba3b9a97384905bb04c18761b"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://groups.google.com/forum/#%21msg/zulip-announce/sUYeJv-fFmg/2TU2TLmNAwAJ"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Permissions Required"
],
"url": "https://hackerone.com/reports/224210"
}
],
"sourceIdentifier": "support@hackerone.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-285"
}
],
"source": "support@hackerone.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-862"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-04-20 20:15
Modified
2024-11-21 05:40
Severity ?
Summary
Zulip Server before 2.1.3 allows XSS via the modal_link feature in the Markdown functionality.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zulip | zulip_server | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zulip:zulip_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8AA1B6AE-43BD-458C-909C-C50FC0974CE2",
"versionEndExcluding": "2.1.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Zulip Server before 2.1.3 allows XSS via the modal_link feature in the Markdown functionality."
},
{
"lang": "es",
"value": "El servidor Zulip versiones anteriores a 2.1.3, permite un ataque de tipo XSS por medio de la caracter\u00edstica modal_link en la funcionalidad Markdown."
}
],
"id": "CVE-2020-9445",
"lastModified": "2024-11-21T05:40:39.483",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-04-20T20:15:11.980",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://blog.zulip.org/2020/04/01/zulip-server-2-1-3-security-release/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://blog.zulip.org/2020/04/01/zulip-server-2-1-3-security-release/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-02-26 00:15
Modified
2024-11-21 06:45
Severity ?
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
Zulip is an open-source team collaboration tool with topic-based threading. Zulip Server version 2.0.0 and above are vulnerable to insufficient access control with multi-use invitations. A Zulip Server deployment which hosts multiple organizations is vulnerable to an attack where an invitation created in one organization (potentially as a role with elevated permissions) can be used to join any other organization. This bypasses any restrictions on required domains on users' email addresses, may be used to gain access to organizations which are only accessible by invitation, and may be used to gain access with elevated privileges. This issue has been patched in release 4.10. There are no known workarounds for this issue. ### Patches _Has the problem been patched? What versions should users upgrade to?_ ### Workarounds _Is there a way for users to fix or remediate the vulnerability without upgrading?_ ### References _Are there any links users can visit to find out more?_ ### For more information If you have any questions or comments about this advisory, you can discuss them on the [developer community Zulip server](https://zulip.com/developer-community/), or email the [Zulip security team](mailto:security@zulip.com).
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zulip | zulip_server | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zulip:zulip_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F19BE7BB-39B8-41FE-A025-1D985BEF3B67",
"versionEndExcluding": "4.10.0",
"versionStartIncluding": "2.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Zulip is an open-source team collaboration tool with topic-based threading. Zulip Server version 2.0.0 and above are vulnerable to insufficient access control with multi-use invitations. A Zulip Server deployment which hosts multiple organizations is vulnerable to an attack where an invitation created in one organization (potentially as a role with elevated permissions) can be used to join any other organization. This bypasses any restrictions on required domains on users\u0027 email addresses, may be used to gain access to organizations which are only accessible by invitation, and may be used to gain access with elevated privileges. This issue has been patched in release 4.10. There are no known workarounds for this issue. ### Patches _Has the problem been patched? What versions should users upgrade to?_ ### Workarounds _Is there a way for users to fix or remediate the vulnerability without upgrading?_ ### References _Are there any links users can visit to find out more?_ ### For more information If you have any questions or comments about this advisory, you can discuss them on the [developer community Zulip server](https://zulip.com/developer-community/), or email the [Zulip security team](mailto:security@zulip.com)."
},
{
"lang": "es",
"value": "Zulip es una herramienta de colaboraci\u00f3n en equipo de c\u00f3digo abierto con hilos basados en temas. Zulip Server versi\u00f3n 2.0.0 y superior, es vulnerable a un control de acceso insuficiente con invitaciones de uso m\u00faltiple. Un despliegue de Zulip Server que alberga m\u00faltiples organizaciones es vulnerable a un ataque en el que una invitaci\u00f3n creada en una organizaci\u00f3n (potencialmente como un rol con permisos elevados) puede ser usada para unirse a cualquier otra organizaci\u00f3n. Esto evita cualquier restricci\u00f3n de dominios requeridos en las direcciones de correo electr\u00f3nico de usuarios, puede ser usado para conseguir acceso a organizaciones a las que s\u00f3lo puede accederse por invitaci\u00f3n, y puede ser usado para conseguir acceso con altos privilegios. Este problema ha sido parcheado en versi\u00f3n 4.10. No se presentan medidas de mitigaci\u00f3n conocidas para este problema. ### Parches _\u00bfHa sido parcheado el problema? \u00bfA qu\u00e9 versiones deber\u00edan actualizarse los usuarios?_ ### Mitigaciones _\u00bfSe presenta alguna forma de que los usuarios mitiguen o remedien la vulnerabilidad sin necesidad de actualizarse?_## Referencias _\u00bfSe presenta alg\u00fan enlace que los usuarios puedan visitar para obtener m\u00e1s informaci\u00f3n?_## Para m\u00e1s informaci\u00f3n Si presenta alguna pregunta o comentario sobre este aviso, puede discutirlo en el [servidor de la comunidad de desarrolladores de Zulip](https://zulip.com/developer-community/), o enviar un correo electr\u00f3nico al [equipo de seguridad de Zulip](mailto:security@zulip.com).\n"
}
],
"id": "CVE-2022-21706",
"lastModified": "2024-11-21T06:45:16.603",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 2.7,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-02-26T00:15:08.260",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
],
"url": "https://blog.zulip.com/2022/02/25/zulip-cloud-invitation-vulnerability/"
},
{
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
],
"url": "https://blog.zulip.com/2022/02/25/zulip-server-4-10-security-release/#cve-2022-21706"
},
{
"source": "security-advisories@github.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/zulip/zulip/commit/88917019f03860609114082cdc0f31a561503f9e"
},
{
"source": "security-advisories@github.com",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/zulip/zulip/security/advisories/GHSA-6xmj-2wcm-p2jc"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://blog.zulip.com/2022/02/25/zulip-cloud-invitation-vulnerability/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://blog.zulip.com/2022/02/25/zulip-server-4-10-security-release/#cve-2022-21706"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/zulip/zulip/commit/88917019f03860609114082cdc0f31a561503f9e"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/zulip/zulip/security/advisories/GHSA-6xmj-2wcm-p2jc"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-284"
},
{
"lang": "en",
"value": "CWE-863"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-04-15 00:15
Modified
2024-11-21 06:04
Severity ?
Summary
In the topic moving API in Zulip Server 3.x before 3.4, organization administrators were able to move messages to streams in other organizations hosted by the same Zulip installation.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://blog.zulip.com/2021/04/14/zulip-server-3-4/ | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://blog.zulip.com/2021/04/14/zulip-server-3-4/ | Release Notes, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zulip | zulip_server | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zulip:zulip_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "89E55845-0044-4407-B9BA-AC3F773536C2",
"versionEndExcluding": "3.4",
"versionStartIncluding": "3.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the topic moving API in Zulip Server 3.x before 3.4, organization administrators were able to move messages to streams in other organizations hosted by the same Zulip installation."
},
{
"lang": "es",
"value": "En el tema de mover API en Zulip Server versiones 3.x anteriores a 3.4, unos administradores de la organizaci\u00f3n pudieron mover mensajes a transmisiones en otras organizaciones alojadas por la misma instalaci\u00f3n de Zulip"
}
],
"id": "CVE-2021-30487",
"lastModified": "2024-11-21T06:04:01.537",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 2.7,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-04-15T00:15:13.247",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://blog.zulip.com/2021/04/14/zulip-server-3-4/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://blog.zulip.com/2021/04/14/zulip-server-3-4/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-03-02 21:15
Modified
2024-11-21 06:49
Severity ?
4.6 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
Zulip is an open source team chat app. The `main` development branch of Zulip Server from June 2021 and later is vulnerable to a cross-site scripting vulnerability on the recent topics page. An attacker could maliciously craft a full name for their account and send messages to a topic with several participants; a victim who then opens an overflow tooltip including this full name on the recent topics page could trigger execution of JavaScript code controlled by the attacker. Users running a Zulip server from the main branch should upgrade from main (2022-03-01 or later) again to deploy this fix.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zulip | zulip_server | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zulip:zulip_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8D1C326D-A865-4460-AB1B-34B96D16B599",
"versionEndExcluding": "2022-03-01",
"versionStartIncluding": "2021-06-03",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Zulip is an open source team chat app. The `main` development branch of Zulip Server from June 2021 and later is vulnerable to a cross-site scripting vulnerability on the recent topics page. An attacker could maliciously craft a full name for their account and send messages to a topic with several participants; a victim who then opens an overflow tooltip including this full name on the recent topics page could trigger execution of JavaScript code controlled by the attacker. Users running a Zulip server from the main branch should upgrade from main (2022-03-01 or later) again to deploy this fix."
},
{
"lang": "es",
"value": "Zulip es una aplicaci\u00f3n de chat en equipo de c\u00f3digo abierto. La rama de desarrollo \"main\" de Zulip Server de junio de 2021 y posteriores, es susceptible a una vulnerabilidad de tipo cross-site scripting en la p\u00e1gina de temas recientes. Un atacante podr\u00eda dise\u00f1ar maliciosamente un nombre completo para su cuenta y enviar mensajes a un tema con varios participantes; una v\u00edctima que abra un tooltip de desbordamiento que incluya este nombre completo en la p\u00e1gina de temas recientes podr\u00eda desencadenar una ejecuci\u00f3n de c\u00f3digo JavaScript controlado por el atacante. Los usuarios que ejecuten un servidor Zulip desde la rama principal deben actualizar desde la principal (01-03-2022 o posterior) de nuevo para implementar esta correcci\u00f3n"
}
],
"id": "CVE-2022-23656",
"lastModified": "2024-11-21T06:49:02.063",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.1,
"impactScore": 2.5,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-03-02T21:15:08.160",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/zulip/zulip/commit/e090027adcbf62737d5b1f83a9618a9500a49321"
},
{
"source": "security-advisories@github.com",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/zulip/zulip/security/advisories/GHSA-fc77-h3jc-6mfv"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/zulip/zulip/commit/e090027adcbf62737d5b1f83a9618a9500a49321"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/zulip/zulip/security/advisories/GHSA-fc77-h3jc-6mfv"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-05-30 06:16
Modified
2024-11-21 08:05
Severity ?
8.2 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:L
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
Zulip is an open-source team collaboration tool with unique topic-based threading that combines the best of email and chat to make remote work productive and delightful. The main development branch of Zulip Server from May 2, 2023 and later, including beta versions 7.0-beta1 and 7.0-beta2, is vulnerable to a cross-site scripting vulnerability in tooltips on the message feed. An attacker who can send messages could maliciously craft a topic for the message, such that a victim who hovers the tooltip for that topic in their message feed triggers execution of JavaScript code controlled by the attacker.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zulip | zulip_server | 7.0 | |
| zulip | zulip_server | 7.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zulip:zulip_server:7.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "E449504D-DB1E-4244-A98D-85AC698B4A6A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zulip:zulip_server:7.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "4571E1B8-F9D4-4F6F-B7F2-07A1FE57A8E5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Zulip is an open-source team collaboration tool with unique topic-based threading that combines the best of email and chat to make remote work productive and delightful. The main development branch of Zulip Server from May 2, 2023 and later, including beta versions 7.0-beta1 and 7.0-beta2, is vulnerable to a cross-site scripting vulnerability in tooltips on the message feed. An attacker who can send messages could maliciously craft a topic for the message, such that a victim who hovers the tooltip for that topic in their message feed triggers execution of JavaScript code controlled by the attacker."
}
],
"id": "CVE-2023-33186",
"lastModified": "2024-11-21T08:05:04.660",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:L",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 5.3,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-05-30T06:16:36.237",
"references": [
{
"source": "security-advisories@github.com",
"url": "https://github.com/zulip/zulip/commit/03cfb3d9fe61c975d133121ec31a7357f0c9e18f"
},
{
"source": "security-advisories@github.com",
"tags": [
"Patch"
],
"url": "https://github.com/zulip/zulip/commit/3ca131743b00f42bad8edbac4ef92656d954c629"
},
{
"source": "security-advisories@github.com",
"tags": [
"Issue Tracking",
"Patch"
],
"url": "https://github.com/zulip/zulip/pull/25370"
},
{
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
],
"url": "https://github.com/zulip/zulip/security/advisories/GHSA-4r83-8f94-hrph"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://github.com/zulip/zulip/commit/03cfb3d9fe61c975d133121ec31a7357f0c9e18f"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://github.com/zulip/zulip/commit/3ca131743b00f42bad8edbac4ef92656d954c629"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch"
],
"url": "https://github.com/zulip/zulip/pull/25370"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://github.com/zulip/zulip/security/advisories/GHSA-4r83-8f94-hrph"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-04-18 08:29
Modified
2024-11-21 04:15
Severity ?
Summary
In Zulip Server versions 1.5.x, 1.6.x, and 1.7.x before 1.7.2, there was an XSS issue with muting notifications.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://blog.zulip.org/2018/04/12/zulip-1-7-2-released/ | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://blog.zulip.org/2018/04/12/zulip-1-7-2-released/ | Release Notes, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zulip | zulip_server | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zulip:zulip_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "56383248-05C0-41D8-A724-5742684FB746",
"versionEndExcluding": "1.7.2",
"versionStartIncluding": "1.5.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In Zulip Server versions 1.5.x, 1.6.x, and 1.7.x before 1.7.2, there was an XSS issue with muting notifications."
},
{
"lang": "es",
"value": "En las versiones 1.5.x, 1.6.x y 1.7.x anteriores a la 1.7.2 de Zulip Server, hab\u00eda un problema de Cross-Site Scripting (XSS) al silenciar notificaciones."
}
],
"id": "CVE-2018-9987",
"lastModified": "2024-11-21T04:15:59.213",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-04-18T08:29:00.767",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://blog.zulip.org/2018/04/12/zulip-1-7-2-released/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://blog.zulip.org/2018/04/12/zulip-1-7-2-released/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-04-15 00:15
Modified
2024-11-21 06:04
Severity ?
Summary
An issue was discovered in Zulip Server before 3.4. A bug in the implementation of replies to messages sent by outgoing webhooks to private streams meant that an outgoing webhook bot could be used to send messages to private streams that the user was not intended to be able to send messages to.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://blog.zulip.com/2021/04/14/zulip-server-3-4/ | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://blog.zulip.com/2021/04/14/zulip-server-3-4/ | Release Notes, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zulip | zulip_server | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zulip:zulip_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "09622761-7CB9-4FD7-82B0-B80CD94D296D",
"versionEndExcluding": "3.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Zulip Server before 3.4. A bug in the implementation of replies to messages sent by outgoing webhooks to private streams meant that an outgoing webhook bot could be used to send messages to private streams that the user was not intended to be able to send messages to."
},
{
"lang": "es",
"value": "Se detect\u00f3 un problema en Zulip Server versiones anteriores a 3.4.\u0026#xa0;Un bug en la implementaci\u00f3n de las respuestas a los mensajes enviados por webhooks salientes a transmisiones privadas significaba que un bot webhook saliente pod\u00eda usarse para enviar mensajes a transmisiones privadas a las que el usuario no ten\u00eda la intenci\u00f3n de poder enviar mensajes"
}
],
"id": "CVE-2021-30477",
"lastModified": "2024-11-21T06:04:00.087",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-04-15T00:15:13.047",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://blog.zulip.com/2021/04/14/zulip-server-3-4/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://blog.zulip.com/2021/04/14/zulip-server-3-4/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-04-18 08:29
Modified
2024-11-21 04:15
Severity ?
Summary
In Zulip Server versions before 1.7.2, there was an XSS issue with stream names in topic typeahead.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://blog.zulip.org/2018/04/12/zulip-1-7-2-released/ | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://blog.zulip.org/2018/04/12/zulip-1-7-2-released/ | Release Notes, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zulip | zulip_server | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zulip:zulip_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F3DE824A-D5B4-452B-B485-2E3BA7AE14DC",
"versionEndExcluding": "1.7.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In Zulip Server versions before 1.7.2, there was an XSS issue with stream names in topic typeahead."
},
{
"lang": "es",
"value": "En las versiones anteriores a la 1.7.2 de Zulip Server, hab\u00eda un problema de Cross-Site Scripting (XSS) con los nombres de transmisi\u00f3n en la escritura anticipada de temas."
}
],
"id": "CVE-2018-9990",
"lastModified": "2024-11-21T04:15:59.680",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-04-18T08:29:00.827",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://blog.zulip.org/2018/04/12/zulip-1-7-2-released/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://blog.zulip.org/2018/04/12/zulip-1-7-2-released/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-08-25 21:15
Modified
2024-11-21 08:03
Severity ?
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Summary
Zulip is an open-source team collaboration tool with topic-based threading that combines email and chat. Users who used to be subscribed to a private stream and have been removed from it since retain the ability to edit messages/topics, move messages to other streams, and delete messages that they used to have access to, if other relevant organization permissions allow these actions. For example, a user may be able to edit or delete their old messages they posted in such a private stream. An administrator will be able to delete old messages (that they had access to) from the private stream. This issue was fixed in Zulip Server version 7.3.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zulip | zulip_server | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zulip:zulip_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4ED1B8E9-2248-4145-B936-BD08782FCB4C",
"versionEndExcluding": "7.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Zulip is an open-source team collaboration tool with topic-based threading that combines email and chat. Users who used to be subscribed to a private stream and have been removed from it since retain the ability to edit messages/topics, move messages to other streams, and delete messages that they used to have access to, if other relevant organization permissions allow these actions. For example, a user may be able to edit or delete their old messages they posted in such a private stream. An administrator will be able to delete old messages (that they had access to) from the private stream. This issue was fixed in Zulip Server version 7.3."
},
{
"lang": "es",
"value": "Zulip es una herramienta de colaboraci\u00f3n en equipo de c\u00f3digo abierto que combina correo electr\u00f3nico y chat. Los usuarios que sol\u00edan estar suscritos a un flujo privado y han sido eliminados de \u00e9l desde entonces conservan la capacidad de editar mensajes/temas, mover mensajes a otros flujos y eliminar mensajes a los que sol\u00edan tener acceso, si otros permisos relevantes de la organizaci\u00f3n permiten estas acciones. Por ejemplo, un usuario podr\u00e1 editar o borrar sus mensajes antiguos que public\u00f3 en dicho stream privado. Un administrador podr\u00e1 borrar mensajes antiguos (a los que ten\u00eda acceso) del flujo privado. Este problema ha sido solucionado en la versi\u00f3n 7.3 de Zulip Server.\n"
}
],
"id": "CVE-2023-32678",
"lastModified": "2024-11-21T08:03:50.010",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-08-25T21:15:08.060",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/zulip/zulip/security/advisories/GHSA-q3wg-jm9p-35fj"
},
{
"source": "security-advisories@github.com",
"tags": [
"Release Notes"
],
"url": "https://zulip.readthedocs.io/en/latest/overview/changelog.html#zulip-server-7-3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/zulip/zulip/security/advisories/GHSA-q3wg-jm9p-35fj"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "https://zulip.readthedocs.io/en/latest/overview/changelog.html#zulip-server-7-3"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-285"
}
],
"source": "security-advisories@github.com",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-11-16 22:15
Modified
2024-11-21 08:30
Severity ?
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Summary
Zulip is an open-source team collaboration tool. It was discovered by the Zulip development team that active users who had previously been subscribed to a stream incorrectly continued being able to use the Zulip API to access metadata for that stream. As a result, users who had been removed from a stream, but still had an account in the organization, could still view metadata for that stream (including the stream name, description, settings, and an email address used to send emails into the stream via the incoming email integration). This potentially allowed users to see changes to a stream’s metadata after they had lost access to the stream. This vulnerability has been addressed in version 7.5 and all users are advised to upgrade. There are no known workarounds for this issue.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zulip | zulip_server | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zulip:zulip_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "90D94B75-D1FD-4045-AA53-F03EE0DFD781",
"versionEndExcluding": "7.5",
"versionStartIncluding": "1.3.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Zulip is an open-source team collaboration tool. It was discovered by the Zulip development team that active users who had previously been subscribed to a stream incorrectly continued being able to use the Zulip API to access metadata for that stream. As a result, users who had been removed from a stream, but still had an account in the organization, could still view metadata for that stream (including the stream name, description, settings, and an email address used to send emails into the stream via the incoming email integration). This potentially allowed users to see changes to a stream\u2019s metadata after they had lost access to the stream. This vulnerability has been addressed in version 7.5 and all users are advised to upgrade. There are no known workarounds for this issue."
},
{
"lang": "es",
"value": "Zulip es una herramienta de colaboraci\u00f3n en equipo de c\u00f3digo abierto. El equipo de desarrollo de Zulip descubri\u00f3 que los usuarios activos que previamente se hab\u00edan suscrito a una transmisi\u00f3n incorrectamente segu\u00edan pudiendo usar la API de Zulip para acceder a los metadatos de esa transmisi\u00f3n. Como resultado, los usuarios que hab\u00edan sido eliminados de una transmisi\u00f3n, pero que a\u00fan ten\u00edan una cuenta en la organizaci\u00f3n, a\u00fan pod\u00edan ver los metadatos de esa transmisi\u00f3n (incluido el nombre de la transmisi\u00f3n, la descripci\u00f3n, la configuraci\u00f3n y una direcci\u00f3n de correo electr\u00f3nico utilizada para enviar correos electr\u00f3nicos a la transmisi\u00f3n). A trav\u00e9s de la integraci\u00f3n de correo electr\u00f3nico entrante). Esto potencialmente permit\u00eda a los usuarios ver cambios en los metadatos de una transmisi\u00f3n despu\u00e9s de haber perdido el acceso a la misma. Esta vulnerabilidad se solucion\u00f3 en la versi\u00f3n 7.5 y se recomienda a todos los usuarios que actualicen. No se conocen workarounds para este problema."
}
],
"id": "CVE-2023-47642",
"lastModified": "2024-11-21T08:30:35.283",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-11-16T22:15:28.353",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Patch"
],
"url": "https://github.com/zulip/zulip/commit/6336322d2f9bbccaacfc80cba83a3c62eefd5737"
},
{
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
],
"url": "https://github.com/zulip/zulip/security/advisories/GHSA-c9wc-65fh-9x8p"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://github.com/zulip/zulip/commit/6336322d2f9bbccaacfc80cba83a3c62eefd5737"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://github.com/zulip/zulip/security/advisories/GHSA-c9wc-65fh-9x8p"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-08-21 05:15
Modified
2024-11-21 05:04
Severity ?
Summary
Zulip Server 2.x before 2.1.7 allows eval injection if a privileged attacker were able to write directly to the postgres database, and chose to write a crafted custom profile field value.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://blog.zulip.com/2020/06/26/zulip-server-2-1-7-security-release/ | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://blog.zulip.com/2020/06/26/zulip-server-2-1-7-security-release/ | Release Notes, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zulip | zulip_server | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zulip:zulip_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1F5356C0-5166-4A73-94A4-479106A31BEB",
"versionEndExcluding": "2.1.7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Zulip Server 2.x before 2.1.7 allows eval injection if a privileged attacker were able to write directly to the postgres database, and chose to write a crafted custom profile field value."
},
{
"lang": "es",
"value": "Zulip Server versiones 2.x anteriores a 2.1.7, permite una inyecci\u00f3n eval si un atacante privilegiado era capaz de escribir directamente en la base de datos de postgres y eligi\u00f3 escribir un valor dise\u00f1ado del campo de perfil personalizado."
}
],
"id": "CVE-2020-15070",
"lastModified": "2024-11-21T05:04:44.783",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-08-21T05:15:11.703",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://blog.zulip.com/2020/06/26/zulip-server-2-1-7-security-release/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://blog.zulip.com/2020/06/26/zulip-server-2-1-7-security-release/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-94"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-11-16 20:15
Modified
2024-11-21 07:24
Severity ?
3.7 (Low) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
3.7 (Low) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
3.7 (Low) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
Summary
Zulip is an open-source team collaboration tool. For organizations with System for Cross-domain Identity Management(SCIM) account management enabled, Zulip Server 5.0 through 5.6 checked the SCIM bearer token using a comparator that did not run in constant time. Therefore, it might theoretically be possible for an attacker to infer the value of the token by performing a sophisticated timing analysis on a large number of failing requests. If successful, this would allow the attacker to impersonate the SCIM client for its abilities to read and update user accounts in the Zulip organization. Organizations where SCIM account management has not been enabled are not affected.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zulip | zulip_server | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zulip:zulip_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4FC3AF9F-EF20-4737-B7CC-0D2F0C69781E",
"versionEndExcluding": "5.7",
"versionStartIncluding": "5.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Zulip is an open-source team collaboration tool. For organizations with System for Cross-domain Identity Management(SCIM) account management enabled, Zulip Server 5.0 through 5.6 checked the SCIM bearer token using a comparator that did not run in constant time. Therefore, it might theoretically be possible for an attacker to infer the value of the token by performing a sophisticated timing analysis on a large number of failing requests. If successful, this would allow the attacker to impersonate the SCIM client for its abilities to read and update user accounts in the Zulip organization. Organizations where SCIM account management has not been enabled are not affected."
},
{
"lang": "es",
"value": "Zulip es una herramienta de colaboraci\u00f3n en equipo de c\u00f3digo abierto. Para las organizaciones con System para Cross-domain Identity Management (SCIM) habilitada, Zulip Server 5.0 a 5.6 verific\u00f3 el token de portador SCIM usando un comparador que no se ejecutaba en tiempo constante. Por lo tanto, en teor\u00eda, un atacante podr\u00eda inferir el valor del token realizando un sofisticado an\u00e1lisis de tiempo en una gran cantidad de solicitudes fallidas. Si tiene \u00e9xito, esto permitir\u00eda al atacante hacerse pasar por el cliente SCIM por su capacidad para leer y actualizar cuentas de usuario en la organizaci\u00f3n Zulip. Las organizaciones donde no se ha habilitado la administraci\u00f3n de cuentas SCIM no se ven afectadas."
}
],
"id": "CVE-2022-41914",
"lastModified": "2024-11-21T07:24:03.447",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 1.4,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-11-16T20:15:10.580",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/zulip/zulip/commit/59edbfa4113d140d3e20126bc65f4d67b2a8ffe5"
},
{
"source": "security-advisories@github.com",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/zulip/zulip/security/advisories/GHSA-q5gx-377v-w76f"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/zulip/zulip/commit/59edbfa4113d140d3e20126bc65f4d67b2a8ffe5"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/zulip/zulip/security/advisories/GHSA-q5gx-377v-w76f"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-203"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-04-18 08:29
Modified
2024-11-21 04:15
Severity ?
Summary
In Zulip Server versions before 1.7.2, there were XSS issues with the frontend markdown processor.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://blog.zulip.org/2018/04/12/zulip-1-7-2-released/ | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://blog.zulip.org/2018/04/12/zulip-1-7-2-released/ | Release Notes, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zulip | zulip_server | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zulip:zulip_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F3DE824A-D5B4-452B-B485-2E3BA7AE14DC",
"versionEndExcluding": "1.7.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In Zulip Server versions before 1.7.2, there were XSS issues with the frontend markdown processor."
},
{
"lang": "es",
"value": "En las versiones anteriores a la 1.7.2 de Zulip Server, hab\u00eda problemas de Cross-Site Scripting (XSS) con el procesador de marcado del frontend."
}
],
"id": "CVE-2018-9986",
"lastModified": "2024-11-21T04:15:59.070",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-04-18T08:29:00.703",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://blog.zulip.org/2018/04/12/zulip-1-7-2-released/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://blog.zulip.org/2018/04/12/zulip-1-7-2-released/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2019-18933 (GCVE-0-2019-18933)
Vulnerability from cvelistv5
Published
2019-11-21 22:45
Modified
2024-08-05 02:02
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In Zulip Server versions from 1.7.0 to before 2.0.7, a bug in the new user signup process meant that users who registered their account using social authentication (e.g., GitHub or Google SSO) in an organization that also allows password authentication could have their personal API key stolen by an unprivileged attacker, allowing nearly full access to the user's account.
References
| ▼ | URL | Tags |
|---|---|---|
| https://blog.zulip.org/2019/11/21/zulip-2-0-7-security-release/ | x_refsource_CONFIRM | |
| https://github.com/zulip/zulip/commit/0c2cc41d2e40807baa5ee2c72987ebfb64ea2eb6 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T02:02:39.793Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://blog.zulip.org/2019/11/21/zulip-2-0-7-security-release/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/zulip/zulip/commit/0c2cc41d2e40807baa5ee2c72987ebfb64ea2eb6"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Zulip Server versions from 1.7.0 to before 2.0.7, a bug in the new user signup process meant that users who registered their account using social authentication (e.g., GitHub or Google SSO) in an organization that also allows password authentication could have their personal API key stolen by an unprivileged attacker, allowing nearly full access to the user\u0027s account."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-11-21T22:45:15",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://blog.zulip.org/2019/11/21/zulip-2-0-7-security-release/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/zulip/zulip/commit/0c2cc41d2e40807baa5ee2c72987ebfb64ea2eb6"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-18933",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Zulip Server versions from 1.7.0 to before 2.0.7, a bug in the new user signup process meant that users who registered their account using social authentication (e.g., GitHub or Google SSO) in an organization that also allows password authentication could have their personal API key stolen by an unprivileged attacker, allowing nearly full access to the user\u0027s account."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://blog.zulip.org/2019/11/21/zulip-2-0-7-security-release/",
"refsource": "CONFIRM",
"url": "https://blog.zulip.org/2019/11/21/zulip-2-0-7-security-release/"
},
{
"name": "https://github.com/zulip/zulip/commit/0c2cc41d2e40807baa5ee2c72987ebfb64ea2eb6",
"refsource": "MISC",
"url": "https://github.com/zulip/zulip/commit/0c2cc41d2e40807baa5ee2c72987ebfb64ea2eb6"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-18933",
"datePublished": "2019-11-21T22:45:15",
"dateReserved": "2019-11-13T00:00:00",
"dateUpdated": "2024-08-05T02:02:39.793Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-14215 (GCVE-0-2020-14215)
Vulnerability from cvelistv5
Published
2020-08-21 04:34
Modified
2024-08-04 12:39
Severity ?
VLAI Severity ?
EPSS score ?
Summary
Zulip Server before 2.1.5 has Incorrect Access Control because 0198_preregistrationuser_invited_as adds the administrator role to invitations.
References
| ▼ | URL | Tags |
|---|---|---|
| https://blog.zulip.com/2020/06/17/zulip-server-2-1-5-security-release/ | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T12:39:36.168Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://blog.zulip.com/2020/06/17/zulip-server-2-1-5-security-release/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Zulip Server before 2.1.5 has Incorrect Access Control because 0198_preregistrationuser_invited_as adds the administrator role to invitations."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-08-21T04:34:38",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://blog.zulip.com/2020/06/17/zulip-server-2-1-5-security-release/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-14215",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Zulip Server before 2.1.5 has Incorrect Access Control because 0198_preregistrationuser_invited_as adds the administrator role to invitations."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://blog.zulip.com/2020/06/17/zulip-server-2-1-5-security-release/",
"refsource": "CONFIRM",
"url": "https://blog.zulip.com/2020/06/17/zulip-server-2-1-5-security-release/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-14215",
"datePublished": "2020-08-21T04:34:38",
"dateReserved": "2020-06-17T00:00:00",
"dateUpdated": "2024-08-04T12:39:36.168Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-9445 (GCVE-0-2020-9445)
Vulnerability from cvelistv5
Published
2020-04-20 19:51
Modified
2024-08-04 10:26
Severity ?
VLAI Severity ?
EPSS score ?
Summary
Zulip Server before 2.1.3 allows XSS via the modal_link feature in the Markdown functionality.
References
| ▼ | URL | Tags |
|---|---|---|
| https://blog.zulip.org/2020/04/01/zulip-server-2-1-3-security-release/ | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:26:16.112Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://blog.zulip.org/2020/04/01/zulip-server-2-1-3-security-release/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Zulip Server before 2.1.3 allows XSS via the modal_link feature in the Markdown functionality."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-04-20T19:51:25",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://blog.zulip.org/2020/04/01/zulip-server-2-1-3-security-release/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-9445",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Zulip Server before 2.1.3 allows XSS via the modal_link feature in the Markdown functionality."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://blog.zulip.org/2020/04/01/zulip-server-2-1-3-security-release/",
"refsource": "CONFIRM",
"url": "https://blog.zulip.org/2020/04/01/zulip-server-2-1-3-security-release/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-9445",
"datePublished": "2020-04-20T19:51:25",
"dateReserved": "2020-02-28T00:00:00",
"dateUpdated": "2024-08-04T10:26:16.112Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-30487 (GCVE-0-2021-30487)
Vulnerability from cvelistv5
Published
2021-04-14 23:43
Modified
2024-08-03 22:32
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the topic moving API in Zulip Server 3.x before 3.4, organization administrators were able to move messages to streams in other organizations hosted by the same Zulip installation.
References
| ▼ | URL | Tags |
|---|---|---|
| https://blog.zulip.com/2021/04/14/zulip-server-3-4/ | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T22:32:41.139Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://blog.zulip.com/2021/04/14/zulip-server-3-4/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the topic moving API in Zulip Server 3.x before 3.4, organization administrators were able to move messages to streams in other organizations hosted by the same Zulip installation."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-04-14T23:43:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://blog.zulip.com/2021/04/14/zulip-server-3-4/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-30487",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In the topic moving API in Zulip Server 3.x before 3.4, organization administrators were able to move messages to streams in other organizations hosted by the same Zulip installation."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://blog.zulip.com/2021/04/14/zulip-server-3-4/",
"refsource": "MISC",
"url": "https://blog.zulip.com/2021/04/14/zulip-server-3-4/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-30487",
"datePublished": "2021-04-14T23:43:01",
"dateReserved": "2021-04-10T00:00:00",
"dateUpdated": "2024-08-03T22:32:41.139Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-15070 (GCVE-0-2020-15070)
Vulnerability from cvelistv5
Published
2020-08-21 04:28
Modified
2024-08-04 13:08
Severity ?
VLAI Severity ?
EPSS score ?
Summary
Zulip Server 2.x before 2.1.7 allows eval injection if a privileged attacker were able to write directly to the postgres database, and chose to write a crafted custom profile field value.
References
| ▼ | URL | Tags |
|---|---|---|
| https://blog.zulip.com/2020/06/26/zulip-server-2-1-7-security-release/ | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T13:08:21.616Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://blog.zulip.com/2020/06/26/zulip-server-2-1-7-security-release/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Zulip Server 2.x before 2.1.7 allows eval injection if a privileged attacker were able to write directly to the postgres database, and chose to write a crafted custom profile field value."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-08-21T04:28:55",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://blog.zulip.com/2020/06/26/zulip-server-2-1-7-security-release/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-15070",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Zulip Server 2.x before 2.1.7 allows eval injection if a privileged attacker were able to write directly to the postgres database, and chose to write a crafted custom profile field value."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://blog.zulip.com/2020/06/26/zulip-server-2-1-7-security-release/",
"refsource": "CONFIRM",
"url": "https://blog.zulip.com/2020/06/26/zulip-server-2-1-7-security-release/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-15070",
"datePublished": "2020-08-21T04:28:55",
"dateReserved": "2020-06-25T00:00:00",
"dateUpdated": "2024-08-04T13:08:21.616Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-19775 (GCVE-0-2019-19775)
Vulnerability from cvelistv5
Published
2019-12-18 03:27
Modified
2024-08-05 02:25
Severity ?
VLAI Severity ?
EPSS score ?
Summary
The image thumbnailing handler in Zulip Server versions 1.9.0 to before 2.0.8 allowed an open redirect that was visible to logged-in users.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/zulip/zulip/commit/b7c87a4d82397a5e6ac169b6098bed0b1ae7a583 | x_refsource_CONFIRM | |
| https://blog.zulip.org/2019/12/13/zulip-server-2-0-8-security-release/ | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T02:25:12.680Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/zulip/zulip/commit/b7c87a4d82397a5e6ac169b6098bed0b1ae7a583"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://blog.zulip.org/2019/12/13/zulip-server-2-0-8-security-release/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The image thumbnailing handler in Zulip Server versions 1.9.0 to before 2.0.8 allowed an open redirect that was visible to logged-in users."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-12-18T03:27:06",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/zulip/zulip/commit/b7c87a4d82397a5e6ac169b6098bed0b1ae7a583"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://blog.zulip.org/2019/12/13/zulip-server-2-0-8-security-release/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-19775",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The image thumbnailing handler in Zulip Server versions 1.9.0 to before 2.0.8 allowed an open redirect that was visible to logged-in users."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/zulip/zulip/commit/b7c87a4d82397a5e6ac169b6098bed0b1ae7a583",
"refsource": "CONFIRM",
"url": "https://github.com/zulip/zulip/commit/b7c87a4d82397a5e6ac169b6098bed0b1ae7a583"
},
{
"name": "https://blog.zulip.org/2019/12/13/zulip-server-2-0-8-security-release/",
"refsource": "CONFIRM",
"url": "https://blog.zulip.org/2019/12/13/zulip-server-2-0-8-security-release/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-19775",
"datePublished": "2019-12-18T03:27:06",
"dateReserved": "2019-12-12T00:00:00",
"dateUpdated": "2024-08-05T02:25:12.680Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-33186 (GCVE-0-2023-33186)
Vulnerability from cvelistv5
Published
2023-05-30 05:31
Modified
2025-01-10 19:47
Severity ?
VLAI Severity ?
EPSS score ?
Summary
Zulip is an open-source team collaboration tool with unique topic-based threading that combines the best of email and chat to make remote work productive and delightful. The main development branch of Zulip Server from May 2, 2023 and later, including beta versions 7.0-beta1 and 7.0-beta2, is vulnerable to a cross-site scripting vulnerability in tooltips on the message feed. An attacker who can send messages could maliciously craft a topic for the message, such that a victim who hovers the tooltip for that topic in their message feed triggers execution of JavaScript code controlled by the attacker.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/zulip/zulip/security/advisories/GHSA-4r83-8f94-hrph | x_refsource_CONFIRM | |
| https://github.com/zulip/zulip/pull/25370 | x_refsource_MISC | |
| https://github.com/zulip/zulip/commit/03cfb3d9fe61c975d133121ec31a7357f0c9e18f | x_refsource_MISC | |
| https://github.com/zulip/zulip/commit/3ca131743b00f42bad8edbac4ef92656d954c629 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T15:39:35.439Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/zulip/zulip/security/advisories/GHSA-4r83-8f94-hrph",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/zulip/zulip/security/advisories/GHSA-4r83-8f94-hrph"
},
{
"name": "https://github.com/zulip/zulip/pull/25370",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/zulip/zulip/pull/25370"
},
{
"name": "https://github.com/zulip/zulip/commit/03cfb3d9fe61c975d133121ec31a7357f0c9e18f",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/zulip/zulip/commit/03cfb3d9fe61c975d133121ec31a7357f0c9e18f"
},
{
"name": "https://github.com/zulip/zulip/commit/3ca131743b00f42bad8edbac4ef92656d954c629",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/zulip/zulip/commit/3ca131743b00f42bad8edbac4ef92656d954c629"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-33186",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-10T19:47:31.000951Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-10T19:47:40.529Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "zulip",
"vendor": "zulip",
"versions": [
{
"status": "affected",
"version": "\u003e= 7.0-beta1, \u003c 7.0-beta3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Zulip is an open-source team collaboration tool with unique topic-based threading that combines the best of email and chat to make remote work productive and delightful. The main development branch of Zulip Server from May 2, 2023 and later, including beta versions 7.0-beta1 and 7.0-beta2, is vulnerable to a cross-site scripting vulnerability in tooltips on the message feed. An attacker who can send messages could maliciously craft a topic for the message, such that a victim who hovers the tooltip for that topic in their message feed triggers execution of JavaScript code controlled by the attacker."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-06T18:12:18.600Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/zulip/zulip/security/advisories/GHSA-4r83-8f94-hrph",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/zulip/zulip/security/advisories/GHSA-4r83-8f94-hrph"
},
{
"name": "https://github.com/zulip/zulip/pull/25370",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/zulip/zulip/pull/25370"
},
{
"name": "https://github.com/zulip/zulip/commit/03cfb3d9fe61c975d133121ec31a7357f0c9e18f",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/zulip/zulip/commit/03cfb3d9fe61c975d133121ec31a7357f0c9e18f"
},
{
"name": "https://github.com/zulip/zulip/commit/3ca131743b00f42bad8edbac4ef92656d954c629",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/zulip/zulip/commit/3ca131743b00f42bad8edbac4ef92656d954c629"
}
],
"source": {
"advisory": "GHSA-4r83-8f94-hrph",
"discovery": "UNKNOWN"
},
"title": "Cross-site scripting vulnerability in Zulip Server development branch via topic tooltip"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-33186",
"datePublished": "2023-05-30T05:31:37.279Z",
"dateReserved": "2023-05-17T22:25:50.697Z",
"dateUpdated": "2025-01-10T19:47:40.529Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-32678 (GCVE-0-2023-32678)
Vulnerability from cvelistv5
Published
2023-08-25 20:04
Modified
2024-09-30 18:17
Severity ?
VLAI Severity ?
EPSS score ?
Summary
Zulip is an open-source team collaboration tool with topic-based threading that combines email and chat. Users who used to be subscribed to a private stream and have been removed from it since retain the ability to edit messages/topics, move messages to other streams, and delete messages that they used to have access to, if other relevant organization permissions allow these actions. For example, a user may be able to edit or delete their old messages they posted in such a private stream. An administrator will be able to delete old messages (that they had access to) from the private stream. This issue was fixed in Zulip Server version 7.3.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/zulip/zulip/security/advisories/GHSA-q3wg-jm9p-35fj | x_refsource_CONFIRM | |
| https://zulip.readthedocs.io/en/latest/overview/changelog.html#zulip-server-7-3 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T15:25:36.357Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/zulip/zulip/security/advisories/GHSA-q3wg-jm9p-35fj",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/zulip/zulip/security/advisories/GHSA-q3wg-jm9p-35fj"
},
{
"name": "https://zulip.readthedocs.io/en/latest/overview/changelog.html#zulip-server-7-3",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://zulip.readthedocs.io/en/latest/overview/changelog.html#zulip-server-7-3"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-32678",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-30T18:17:12.677442Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-30T18:17:38.788Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "zulip",
"vendor": "zulip",
"versions": [
{
"status": "affected",
"version": "\u003c 7.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Zulip is an open-source team collaboration tool with topic-based threading that combines email and chat. Users who used to be subscribed to a private stream and have been removed from it since retain the ability to edit messages/topics, move messages to other streams, and delete messages that they used to have access to, if other relevant organization permissions allow these actions. For example, a user may be able to edit or delete their old messages they posted in such a private stream. An administrator will be able to delete old messages (that they had access to) from the private stream. This issue was fixed in Zulip Server version 7.3."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-285",
"description": "CWE-285: Improper Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-25T20:04:49.432Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/zulip/zulip/security/advisories/GHSA-q3wg-jm9p-35fj",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/zulip/zulip/security/advisories/GHSA-q3wg-jm9p-35fj"
},
{
"name": "https://zulip.readthedocs.io/en/latest/overview/changelog.html#zulip-server-7-3",
"tags": [
"x_refsource_MISC"
],
"url": "https://zulip.readthedocs.io/en/latest/overview/changelog.html#zulip-server-7-3"
}
],
"source": {
"advisory": "GHSA-q3wg-jm9p-35fj",
"discovery": "UNKNOWN"
},
"title": "Zulip vulnerable to insufficient authorization check for edition/deletion of messages and topics in private streams by former subscribers"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-32678",
"datePublished": "2023-08-25T20:04:49.432Z",
"dateReserved": "2023-05-11T16:33:45.731Z",
"dateUpdated": "2024-09-30T18:17:38.788Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-9444 (GCVE-0-2020-9444)
Vulnerability from cvelistv5
Published
2020-04-20 19:49
Modified
2024-08-04 10:26
Severity ?
VLAI Severity ?
EPSS score ?
Summary
Zulip Server before 2.1.3 allows reverse tabnabbing via the Markdown functionality.
References
| ▼ | URL | Tags |
|---|---|---|
| https://blog.zulip.org/2020/04/01/zulip-server-2-1-3-security-release/ | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:26:16.275Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://blog.zulip.org/2020/04/01/zulip-server-2-1-3-security-release/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Zulip Server before 2.1.3 allows reverse tabnabbing via the Markdown functionality."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-04-20T19:49:16",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://blog.zulip.org/2020/04/01/zulip-server-2-1-3-security-release/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-9444",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Zulip Server before 2.1.3 allows reverse tabnabbing via the Markdown functionality."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://blog.zulip.org/2020/04/01/zulip-server-2-1-3-security-release/",
"refsource": "CONFIRM",
"url": "https://blog.zulip.org/2020/04/01/zulip-server-2-1-3-security-release/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-9444",
"datePublished": "2020-04-20T19:49:16",
"dateReserved": "2020-02-28T00:00:00",
"dateUpdated": "2024-08-04T10:26:16.275Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-31134 (GCVE-0-2022-31134)
Vulnerability from cvelistv5
Published
2022-07-12 20:35
Modified
2025-04-23 18:02
Severity ?
VLAI Severity ?
EPSS score ?
Summary
Zulip is an open-source team collaboration tool. Zulip Server versions 2.1.0 above have a user interface tool, accessible only to server owners and server administrators, which provides a way to download a "public data" export. While this export is only accessible to administrators, in many configurations server administrators are not expected to have access to private messages and private streams. However, the "public data" export which administrators could generate contained the attachment contents for all attachments, even those from private messages and streams. Zulip Server version 5.4 contains a patch for this issue.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/zulip/zulip/security/advisories/GHSA-58pm-88xp-7x9m | x_refsource_CONFIRM | |
| https://blog.zulip.com/2022/07/12/zulip-cloud-data-exports | x_refsource_MISC | |
| https://blog.zulip.com/2022/07/12/zulip-server-5-4-security-release | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T07:11:39.612Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/zulip/zulip/security/advisories/GHSA-58pm-88xp-7x9m"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://blog.zulip.com/2022/07/12/zulip-cloud-data-exports"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://blog.zulip.com/2022/07/12/zulip-server-5-4-security-release"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-31134",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-23T14:03:27.397354Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-23T18:02:59.572Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "zulip",
"vendor": "zulip",
"versions": [
{
"status": "affected",
"version": "\u003e= 2.1.0, \u003c 5.4"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Zulip is an open-source team collaboration tool. Zulip Server versions 2.1.0 above have a user interface tool, accessible only to server owners and server administrators, which provides a way to download a \"public data\" export. While this export is only accessible to administrators, in many configurations server administrators are not expected to have access to private messages and private streams. However, the \"public data\" export which administrators could generate contained the attachment contents for all attachments, even those from private messages and streams. Zulip Server version 5.4 contains a patch for this issue."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-12T20:35:09.000Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/zulip/zulip/security/advisories/GHSA-58pm-88xp-7x9m"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://blog.zulip.com/2022/07/12/zulip-cloud-data-exports"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://blog.zulip.com/2022/07/12/zulip-server-5-4-security-release"
}
],
"source": {
"advisory": "GHSA-58pm-88xp-7x9m",
"discovery": "UNKNOWN"
},
"title": "Zulip Server public data export contains attachments that are non-public",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2022-31134",
"STATE": "PUBLIC",
"TITLE": "Zulip Server public data export contains attachments that are non-public"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "zulip",
"version": {
"version_data": [
{
"version_value": "\u003e= 2.1.0, \u003c 5.4"
}
]
}
}
]
},
"vendor_name": "zulip"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Zulip is an open-source team collaboration tool. Zulip Server versions 2.1.0 above have a user interface tool, accessible only to server owners and server administrators, which provides a way to download a \"public data\" export. While this export is only accessible to administrators, in many configurations server administrators are not expected to have access to private messages and private streams. However, the \"public data\" export which administrators could generate contained the attachment contents for all attachments, even those from private messages and streams. Zulip Server version 5.4 contains a patch for this issue."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/zulip/zulip/security/advisories/GHSA-58pm-88xp-7x9m",
"refsource": "CONFIRM",
"url": "https://github.com/zulip/zulip/security/advisories/GHSA-58pm-88xp-7x9m"
},
{
"name": "https://blog.zulip.com/2022/07/12/zulip-cloud-data-exports",
"refsource": "MISC",
"url": "https://blog.zulip.com/2022/07/12/zulip-cloud-data-exports"
},
{
"name": "https://blog.zulip.com/2022/07/12/zulip-server-5-4-security-release",
"refsource": "MISC",
"url": "https://blog.zulip.com/2022/07/12/zulip-server-5-4-security-release"
}
]
},
"source": {
"advisory": "GHSA-58pm-88xp-7x9m",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2022-31134",
"datePublished": "2022-07-12T20:35:10.000Z",
"dateReserved": "2022-05-18T00:00:00.000Z",
"dateUpdated": "2025-04-23T18:02:59.572Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-0910 (GCVE-0-2017-0910)
Vulnerability from cvelistv5
Published
2017-11-27 16:00
Modified
2024-09-17 01:26
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In Zulip Server before 1.7.1, on a server with multiple realms, a vulnerability in the invitation system lets an authorized user of one realm on the server create a user account on any other realm.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/zulip/zulip/commit/960d736e55cbb9386a68e4ee45f80581fd2a4e32 | x_refsource_CONFIRM | |
| http://blog.zulip.org/2017/11/23/zulip-1-7-1-released/ | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Zulip | Zulip Server |
Version: before 1.7.1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T13:25:16.927Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/zulip/zulip/commit/960d736e55cbb9386a68e4ee45f80581fd2a4e32"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://blog.zulip.org/2017/11/23/zulip-1-7-1-released/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Zulip Server",
"vendor": "Zulip",
"versions": [
{
"status": "affected",
"version": "before 1.7.1"
}
]
}
],
"datePublic": "2017-11-23T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "In Zulip Server before 1.7.1, on a server with multiple realms, a vulnerability in the invitation system lets an authorized user of one realm on the server create a user account on any other realm."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "Incorrect Authorization (CWE-863)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-11-27T15:57:01",
"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"shortName": "hackerone"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/zulip/zulip/commit/960d736e55cbb9386a68e4ee45f80581fd2a4e32"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://blog.zulip.org/2017/11/23/zulip-1-7-1-released/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "support@hackerone.com",
"DATE_PUBLIC": "2017-11-23T00:00:00",
"ID": "CVE-2017-0910",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Zulip Server",
"version": {
"version_data": [
{
"version_value": "before 1.7.1"
}
]
}
}
]
},
"vendor_name": "Zulip"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Zulip Server before 1.7.1, on a server with multiple realms, a vulnerability in the invitation system lets an authorized user of one realm on the server create a user account on any other realm."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Incorrect Authorization (CWE-863)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/zulip/zulip/commit/960d736e55cbb9386a68e4ee45f80581fd2a4e32",
"refsource": "CONFIRM",
"url": "https://github.com/zulip/zulip/commit/960d736e55cbb9386a68e4ee45f80581fd2a4e32"
},
{
"name": "http://blog.zulip.org/2017/11/23/zulip-1-7-1-released/",
"refsource": "CONFIRM",
"url": "http://blog.zulip.org/2017/11/23/zulip-1-7-1-released/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"assignerShortName": "hackerone",
"cveId": "CVE-2017-0910",
"datePublished": "2017-11-27T16:00:00Z",
"dateReserved": "2016-11-30T00:00:00",
"dateUpdated": "2024-09-17T01:26:15.105Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-9986 (GCVE-0-2018-9986)
Vulnerability from cvelistv5
Published
2018-04-18 08:00
Modified
2024-08-05 07:24
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In Zulip Server versions before 1.7.2, there were XSS issues with the frontend markdown processor.
References
| ▼ | URL | Tags |
|---|---|---|
| https://blog.zulip.org/2018/04/12/zulip-1-7-2-released/ | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T07:24:56.329Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://blog.zulip.org/2018/04/12/zulip-1-7-2-released/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-04-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "In Zulip Server versions before 1.7.2, there were XSS issues with the frontend markdown processor."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-04-18T07:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://blog.zulip.org/2018/04/12/zulip-1-7-2-released/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-9986",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Zulip Server versions before 1.7.2, there were XSS issues with the frontend markdown processor."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://blog.zulip.org/2018/04/12/zulip-1-7-2-released/",
"refsource": "CONFIRM",
"url": "https://blog.zulip.org/2018/04/12/zulip-1-7-2-released/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-9986",
"datePublished": "2018-04-18T08:00:00",
"dateReserved": "2018-04-10T00:00:00",
"dateUpdated": "2024-08-05T07:24:56.329Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-10935 (GCVE-0-2020-10935)
Vulnerability from cvelistv5
Published
2020-04-20 19:47
Modified
2024-08-04 11:21
Severity ?
VLAI Severity ?
EPSS score ?
Summary
Zulip Server before 2.1.3 allows XSS via a Markdown link, with resultant account takeover.
References
| ▼ | URL | Tags |
|---|---|---|
| https://blog.zulip.org/2020/04/01/zulip-server-2-1-3-security-release/ | x_refsource_CONFIRM | |
| https://www.coresecurity.com/advisories/zulip-account-takeover-stored-xss | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T11:21:12.974Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://blog.zulip.org/2020/04/01/zulip-server-2-1-3-security-release/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.coresecurity.com/advisories/zulip-account-takeover-stored-xss"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Zulip Server before 2.1.3 allows XSS via a Markdown link, with resultant account takeover."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-04-20T19:47:17",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://blog.zulip.org/2020/04/01/zulip-server-2-1-3-security-release/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.coresecurity.com/advisories/zulip-account-takeover-stored-xss"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-10935",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Zulip Server before 2.1.3 allows XSS via a Markdown link, with resultant account takeover."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://blog.zulip.org/2020/04/01/zulip-server-2-1-3-security-release/",
"refsource": "CONFIRM",
"url": "https://blog.zulip.org/2020/04/01/zulip-server-2-1-3-security-release/"
},
{
"name": "https://www.coresecurity.com/advisories/zulip-account-takeover-stored-xss",
"refsource": "MISC",
"url": "https://www.coresecurity.com/advisories/zulip-account-takeover-stored-xss"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-10935",
"datePublished": "2020-04-20T19:47:17",
"dateReserved": "2020-03-24T00:00:00",
"dateUpdated": "2024-08-04T11:21:12.974Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-47642 (GCVE-0-2023-47642)
Vulnerability from cvelistv5
Published
2023-11-16 21:41
Modified
2024-08-29 14:49
Severity ?
VLAI Severity ?
EPSS score ?
Summary
Zulip is an open-source team collaboration tool. It was discovered by the Zulip development team that active users who had previously been subscribed to a stream incorrectly continued being able to use the Zulip API to access metadata for that stream. As a result, users who had been removed from a stream, but still had an account in the organization, could still view metadata for that stream (including the stream name, description, settings, and an email address used to send emails into the stream via the incoming email integration). This potentially allowed users to see changes to a stream’s metadata after they had lost access to the stream. This vulnerability has been addressed in version 7.5 and all users are advised to upgrade. There are no known workarounds for this issue.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/zulip/zulip/security/advisories/GHSA-c9wc-65fh-9x8p | x_refsource_CONFIRM | |
| https://github.com/zulip/zulip/commit/6336322d2f9bbccaacfc80cba83a3c62eefd5737 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T21:16:43.329Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/zulip/zulip/security/advisories/GHSA-c9wc-65fh-9x8p",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/zulip/zulip/security/advisories/GHSA-c9wc-65fh-9x8p"
},
{
"name": "https://github.com/zulip/zulip/commit/6336322d2f9bbccaacfc80cba83a3c62eefd5737",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/zulip/zulip/commit/6336322d2f9bbccaacfc80cba83a3c62eefd5737"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-47642",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-29T14:43:36.650594Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-29T14:49:20.515Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "zulip",
"vendor": "zulip",
"versions": [
{
"status": "affected",
"version": "\u003e= 1.3.0, \u003c 7.5"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Zulip is an open-source team collaboration tool. It was discovered by the Zulip development team that active users who had previously been subscribed to a stream incorrectly continued being able to use the Zulip API to access metadata for that stream. As a result, users who had been removed from a stream, but still had an account in the organization, could still view metadata for that stream (including the stream name, description, settings, and an email address used to send emails into the stream via the incoming email integration). This potentially allowed users to see changes to a stream\u2019s metadata after they had lost access to the stream. This vulnerability has been addressed in version 7.5 and all users are advised to upgrade. There are no known workarounds for this issue."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-16T21:41:46.646Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/zulip/zulip/security/advisories/GHSA-c9wc-65fh-9x8p",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/zulip/zulip/security/advisories/GHSA-c9wc-65fh-9x8p"
},
{
"name": "https://github.com/zulip/zulip/commit/6336322d2f9bbccaacfc80cba83a3c62eefd5737",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/zulip/zulip/commit/6336322d2f9bbccaacfc80cba83a3c62eefd5737"
}
],
"source": {
"advisory": "GHSA-c9wc-65fh-9x8p",
"discovery": "UNKNOWN"
},
"title": "Stream description leaks to ex-subscribers in Zulip"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-47642",
"datePublished": "2023-11-16T21:41:46.646Z",
"dateReserved": "2023-11-07T16:57:49.245Z",
"dateUpdated": "2024-08-29T14:49:20.515Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-22735 (GCVE-0-2023-22735)
Vulnerability from cvelistv5
Published
2023-02-07 18:48
Modified
2025-03-10 21:15
Severity ?
VLAI Severity ?
EPSS score ?
Summary
Zulip is an open-source team collaboration tool. In versions of zulip prior to commit `2f6c5a8` but after commit `04cf68b` users could upload files with arbitrary `Content-Type` which would be served from the Zulip hostname with `Content-Disposition: inline` and no `Content-Security-Policy` header, allowing them to trick other users into executing arbitrary Javascript in the context of the Zulip application. Among other things, this enables session theft. Only deployments which use the S3 storage (not the local-disk storage) are affected, and only deployments which deployed commit 04cf68b45ebb5c03247a0d6453e35ffc175d55da, which has only been in `main`, not any numbered release. Users affected should upgrade from main again to deploy this fix. Switching from S3 storage to the local-disk storage would nominally mitigate this, but is likely more involved than upgrading to the latest `main` which addresses the issue.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T10:13:50.231Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/zulip/zulip/security/advisories/GHSA-wm83-3764-5wqh",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/zulip/zulip/security/advisories/GHSA-wm83-3764-5wqh"
},
{
"name": "https://github.com/zulip/zulip/commit/04cf68b45ebb5c03247a0d6453e35ffc175d55da",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/zulip/zulip/commit/04cf68b45ebb5c03247a0d6453e35ffc175d55da"
},
{
"name": "https://github.com/zulip/zulip/commit/2f6c5a883e106aa82a570d3d1f243993284b70f3",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/zulip/zulip/commit/2f6c5a883e106aa82a570d3d1f243993284b70f3"
},
{
"name": "https://zulip.readthedocs.io/en/latest/production/upgrade-or-modify.html#upgrading-from-a-git-repository",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://zulip.readthedocs.io/en/latest/production/upgrade-or-modify.html#upgrading-from-a-git-repository"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-22735",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-10T20:58:20.642902Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-10T21:15:28.102Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "zulip",
"vendor": "zulip",
"versions": [
{
"status": "affected",
"version": "\u003e= 04cf68b, \u003c 2f6c5a8"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Zulip is an open-source team collaboration tool. In versions of zulip prior to commit `2f6c5a8` but after commit `04cf68b` users could upload files with arbitrary `Content-Type` which would be served from the Zulip hostname with `Content-Disposition: inline` and no `Content-Security-Policy` header, allowing them to trick other users into executing arbitrary Javascript in the context of the Zulip application. Among other things, this enables session theft. Only deployments which use the S3 storage (not the local-disk storage) are affected, and only deployments which deployed commit 04cf68b45ebb5c03247a0d6453e35ffc175d55da, which has only been in `main`, not any numbered release. Users affected should upgrade from main again to deploy this fix. Switching from S3 storage to the local-disk storage would nominally mitigate this, but is likely more involved than upgrading to the latest `main` which addresses the issue."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-436",
"description": "CWE-436: Interpretation Conflict",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-02-07T18:48:29.870Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/zulip/zulip/security/advisories/GHSA-wm83-3764-5wqh",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/zulip/zulip/security/advisories/GHSA-wm83-3764-5wqh"
},
{
"name": "https://github.com/zulip/zulip/commit/04cf68b45ebb5c03247a0d6453e35ffc175d55da",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/zulip/zulip/commit/04cf68b45ebb5c03247a0d6453e35ffc175d55da"
},
{
"name": "https://github.com/zulip/zulip/commit/2f6c5a883e106aa82a570d3d1f243993284b70f3",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/zulip/zulip/commit/2f6c5a883e106aa82a570d3d1f243993284b70f3"
},
{
"name": "https://zulip.readthedocs.io/en/latest/production/upgrade-or-modify.html#upgrading-from-a-git-repository",
"tags": [
"x_refsource_MISC"
],
"url": "https://zulip.readthedocs.io/en/latest/production/upgrade-or-modify.html#upgrading-from-a-git-repository"
}
],
"source": {
"advisory": "GHSA-wm83-3764-5wqh",
"discovery": "UNKNOWN"
},
"title": "User uploads proxied from S3 lack `Content-Security-Policy` headers, may be served with `Content-Disposition: inline` in zulip"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-22735",
"datePublished": "2023-02-07T18:48:29.870Z",
"dateReserved": "2023-01-06T14:21:05.891Z",
"dateUpdated": "2025-03-10T21:15:28.102Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-9987 (GCVE-0-2018-9987)
Vulnerability from cvelistv5
Published
2018-04-18 08:00
Modified
2024-08-05 07:24
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In Zulip Server versions 1.5.x, 1.6.x, and 1.7.x before 1.7.2, there was an XSS issue with muting notifications.
References
| ▼ | URL | Tags |
|---|---|---|
| https://blog.zulip.org/2018/04/12/zulip-1-7-2-released/ | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T07:24:56.406Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://blog.zulip.org/2018/04/12/zulip-1-7-2-released/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-04-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "In Zulip Server versions 1.5.x, 1.6.x, and 1.7.x before 1.7.2, there was an XSS issue with muting notifications."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-04-18T07:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://blog.zulip.org/2018/04/12/zulip-1-7-2-released/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-9987",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Zulip Server versions 1.5.x, 1.6.x, and 1.7.x before 1.7.2, there was an XSS issue with muting notifications."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://blog.zulip.org/2018/04/12/zulip-1-7-2-released/",
"refsource": "CONFIRM",
"url": "https://blog.zulip.org/2018/04/12/zulip-1-7-2-released/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-9987",
"datePublished": "2018-04-18T08:00:00",
"dateReserved": "2018-04-10T00:00:00",
"dateUpdated": "2024-08-05T07:24:56.406Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-41914 (GCVE-0-2022-41914)
Vulnerability from cvelistv5
Published
2022-11-16 00:00
Modified
2025-04-23 16:36
Severity ?
VLAI Severity ?
EPSS score ?
Summary
Zulip is an open-source team collaboration tool. For organizations with System for Cross-domain Identity Management(SCIM) account management enabled, Zulip Server 5.0 through 5.6 checked the SCIM bearer token using a comparator that did not run in constant time. Therefore, it might theoretically be possible for an attacker to infer the value of the token by performing a sophisticated timing analysis on a large number of failing requests. If successful, this would allow the attacker to impersonate the SCIM client for its abilities to read and update user accounts in the Zulip organization. Organizations where SCIM account management has not been enabled are not affected.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T12:56:38.364Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/zulip/zulip/security/advisories/GHSA-q5gx-377v-w76f"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/zulip/zulip/commit/59edbfa4113d140d3e20126bc65f4d67b2a8ffe5"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-41914",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-23T13:54:18.290712Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-23T16:36:55.819Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "zulip",
"vendor": "zulip",
"versions": [
{
"status": "affected",
"version": "\u003e= 5.0, \u003c 5.7"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Zulip is an open-source team collaboration tool. For organizations with System for Cross-domain Identity Management(SCIM) account management enabled, Zulip Server 5.0 through 5.6 checked the SCIM bearer token using a comparator that did not run in constant time. Therefore, it might theoretically be possible for an attacker to infer the value of the token by performing a sophisticated timing analysis on a large number of failing requests. If successful, this would allow the attacker to impersonate the SCIM client for its abilities to read and update user accounts in the Zulip organization. Organizations where SCIM account management has not been enabled are not affected."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-11-16T00:00:00.000Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"url": "https://github.com/zulip/zulip/security/advisories/GHSA-q5gx-377v-w76f"
},
{
"url": "https://github.com/zulip/zulip/commit/59edbfa4113d140d3e20126bc65f4d67b2a8ffe5"
}
],
"source": {
"advisory": "GHSA-q5gx-377v-w76f",
"discovery": "UNKNOWN"
},
"title": "Non-constant-time SCIM token comparison in Zulip Server"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2022-41914",
"datePublished": "2022-11-16T00:00:00.000Z",
"dateReserved": "2022-09-30T00:00:00.000Z",
"dateUpdated": "2025-04-23T16:36:55.819Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-0881 (GCVE-0-2017-0881)
Vulnerability from cvelistv5
Published
2017-03-28 02:46
Modified
2024-08-05 13:18
Severity ?
VLAI Severity ?
EPSS score ?
Summary
An error in the implementation of an autosubscribe feature in the check_stream_exists route of the Zulip group chat application server before 1.4.3 allowed an authenticated user to subscribe to a private stream that should have required an invitation from an existing member to join. The issue affects all previously released versions of the Zulip server.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/97159 | vdb-entry, x_refsource_BID | |
| https://groups.google.com/d/msg/zulip-announce/VyawgRuoY34/NTBwnTArGwAJ | x_refsource_MISC | |
| https://github.com/zulip/zulip/commit/7ecda1ac8e26d8fb3725e954b2dc4723dda2255f | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Zulip Server Versions 1.4.2 and below |
Version: Zulip Server Versions 1.4.2 and below |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T13:18:06.509Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "97159",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/97159"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://groups.google.com/d/msg/zulip-announce/VyawgRuoY34/NTBwnTArGwAJ"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/zulip/zulip/commit/7ecda1ac8e26d8fb3725e954b2dc4723dda2255f"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Zulip Server Versions 1.4.2 and below",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Zulip Server Versions 1.4.2 and below"
}
]
}
],
"datePublic": "2017-03-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An error in the implementation of an autosubscribe feature in the check_stream_exists route of the Zulip group chat application server before 1.4.3 allowed an authenticated user to subscribe to a private stream that should have required an invitation from an existing member to join. The issue affects all previously released versions of the Zulip server."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "Information Exposure (CWE-200)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-03-29T09:57:01",
"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"shortName": "hackerone"
},
"references": [
{
"name": "97159",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/97159"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://groups.google.com/d/msg/zulip-announce/VyawgRuoY34/NTBwnTArGwAJ"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/zulip/zulip/commit/7ecda1ac8e26d8fb3725e954b2dc4723dda2255f"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "support@hackerone.com",
"ID": "CVE-2017-0881",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Zulip Server Versions 1.4.2 and below",
"version": {
"version_data": [
{
"version_value": "Zulip Server Versions 1.4.2 and below"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An error in the implementation of an autosubscribe feature in the check_stream_exists route of the Zulip group chat application server before 1.4.3 allowed an authenticated user to subscribe to a private stream that should have required an invitation from an existing member to join. The issue affects all previously released versions of the Zulip server."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information Exposure (CWE-200)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "97159",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97159"
},
{
"name": "https://groups.google.com/d/msg/zulip-announce/VyawgRuoY34/NTBwnTArGwAJ",
"refsource": "MISC",
"url": "https://groups.google.com/d/msg/zulip-announce/VyawgRuoY34/NTBwnTArGwAJ"
},
{
"name": "https://github.com/zulip/zulip/commit/7ecda1ac8e26d8fb3725e954b2dc4723dda2255f",
"refsource": "MISC",
"url": "https://github.com/zulip/zulip/commit/7ecda1ac8e26d8fb3725e954b2dc4723dda2255f"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"assignerShortName": "hackerone",
"cveId": "CVE-2017-0881",
"datePublished": "2017-03-28T02:46:00",
"dateReserved": "2016-11-30T00:00:00",
"dateUpdated": "2024-08-05T13:18:06.509Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-9999 (GCVE-0-2018-9999)
Vulnerability from cvelistv5
Published
2018-04-18 08:00
Modified
2024-08-05 07:32
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In Zulip Server versions before 1.7.2, there was an XSS issue with user uploads and the (default) LOCAL_UPLOADS_DIR storage backend.
References
| ▼ | URL | Tags |
|---|---|---|
| https://blog.zulip.org/2018/04/12/zulip-1-7-2-released/ | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T07:32:00.669Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://blog.zulip.org/2018/04/12/zulip-1-7-2-released/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-04-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "In Zulip Server versions before 1.7.2, there was an XSS issue with user uploads and the (default) LOCAL_UPLOADS_DIR storage backend."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-04-18T07:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://blog.zulip.org/2018/04/12/zulip-1-7-2-released/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-9999",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Zulip Server versions before 1.7.2, there was an XSS issue with user uploads and the (default) LOCAL_UPLOADS_DIR storage backend."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://blog.zulip.org/2018/04/12/zulip-1-7-2-released/",
"refsource": "CONFIRM",
"url": "https://blog.zulip.org/2018/04/12/zulip-1-7-2-released/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-9999",
"datePublished": "2018-04-18T08:00:00",
"dateReserved": "2018-04-10T00:00:00",
"dateUpdated": "2024-08-05T07:32:00.669Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-21630 (GCVE-0-2024-21630)
Vulnerability from cvelistv5
Published
2024-01-25 19:30
Modified
2025-05-29 15:19
Severity ?
VLAI Severity ?
EPSS score ?
Summary
Zulip is an open-source team collaboration tool. A vulnerability in version 8.0 is similar to CVE-2023-32677, but applies to multi-use invitations, not single-use invitation links as in the prior CVE. Specifically, it applies when the installation has configured non-admins to be able to invite users and create multi-use invitations, and has also configured only admins to be able to invite users to streams. As in CVE-2023-32677, this does not let users invite new users to arbitrary streams, only to streams that the inviter can already see. Version 8.1 fixes this issue. As a workaround, administrators can limit sending of invitations down to users who also have the permission to add users to streams.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/zulip/zulip/security/advisories/GHSA-87p9-wprh-7rm6 | x_refsource_CONFIRM | |
| https://github.com/zulip/zulip/security/advisories/GHSA-mrvp-96q6-jpvc | x_refsource_MISC | |
| https://github.com/zulip/zulip/commit/0df7bd71f32f3b772e2646c6ab0d60c9b610addf | x_refsource_MISC | |
| https://zulip.com/help/configure-who-can-invite-to-streams | x_refsource_MISC | |
| https://zulip.com/help/restrict-account-creation#change-who-can-send-invitations | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T22:27:35.955Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/zulip/zulip/security/advisories/GHSA-87p9-wprh-7rm6",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/zulip/zulip/security/advisories/GHSA-87p9-wprh-7rm6"
},
{
"name": "https://github.com/zulip/zulip/security/advisories/GHSA-mrvp-96q6-jpvc",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/zulip/zulip/security/advisories/GHSA-mrvp-96q6-jpvc"
},
{
"name": "https://github.com/zulip/zulip/commit/0df7bd71f32f3b772e2646c6ab0d60c9b610addf",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/zulip/zulip/commit/0df7bd71f32f3b772e2646c6ab0d60c9b610addf"
},
{
"name": "https://zulip.com/help/configure-who-can-invite-to-streams",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://zulip.com/help/configure-who-can-invite-to-streams"
},
{
"name": "https://zulip.com/help/restrict-account-creation#change-who-can-send-invitations",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://zulip.com/help/restrict-account-creation#change-who-can-send-invitations"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-21630",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-08T15:52:52.338039Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-29T15:19:04.180Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "zulip",
"vendor": "zulip",
"versions": [
{
"status": "affected",
"version": "= 8.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Zulip is an open-source team collaboration tool. A vulnerability in version 8.0 is similar to CVE-2023-32677, but applies to multi-use invitations, not single-use invitation links as in the prior CVE. Specifically, it applies when the installation has configured non-admins to be able to invite users and create multi-use invitations, and has also configured only admins to be able to invite users to streams. As in CVE-2023-32677, this does not let users invite new users to arbitrary streams, only to streams that the inviter can already see. Version 8.1 fixes this issue. As a workaround, administrators can limit sending of invitations down to users who also have the permission to add users to streams."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862: Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-25T19:30:09.106Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/zulip/zulip/security/advisories/GHSA-87p9-wprh-7rm6",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/zulip/zulip/security/advisories/GHSA-87p9-wprh-7rm6"
},
{
"name": "https://github.com/zulip/zulip/security/advisories/GHSA-mrvp-96q6-jpvc",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/zulip/zulip/security/advisories/GHSA-mrvp-96q6-jpvc"
},
{
"name": "https://github.com/zulip/zulip/commit/0df7bd71f32f3b772e2646c6ab0d60c9b610addf",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/zulip/zulip/commit/0df7bd71f32f3b772e2646c6ab0d60c9b610addf"
},
{
"name": "https://zulip.com/help/configure-who-can-invite-to-streams",
"tags": [
"x_refsource_MISC"
],
"url": "https://zulip.com/help/configure-who-can-invite-to-streams"
},
{
"name": "https://zulip.com/help/restrict-account-creation#change-who-can-send-invitations",
"tags": [
"x_refsource_MISC"
],
"url": "https://zulip.com/help/restrict-account-creation#change-who-can-send-invitations"
}
],
"source": {
"advisory": "GHSA-87p9-wprh-7rm6",
"discovery": "UNKNOWN"
},
"title": "Zulip non-admins can invite new users to streams they would not otherwise be able to add existing users to"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-21630",
"datePublished": "2024-01-25T19:30:09.106Z",
"dateReserved": "2023-12-29T03:00:44.954Z",
"dateUpdated": "2025-05-29T15:19:04.180Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-30477 (GCVE-0-2021-30477)
Vulnerability from cvelistv5
Published
2021-04-14 23:45
Modified
2024-08-03 22:32
Severity ?
VLAI Severity ?
EPSS score ?
Summary
An issue was discovered in Zulip Server before 3.4. A bug in the implementation of replies to messages sent by outgoing webhooks to private streams meant that an outgoing webhook bot could be used to send messages to private streams that the user was not intended to be able to send messages to.
References
| ▼ | URL | Tags |
|---|---|---|
| https://blog.zulip.com/2021/04/14/zulip-server-3-4/ | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T22:32:41.099Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://blog.zulip.com/2021/04/14/zulip-server-3-4/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Zulip Server before 3.4. A bug in the implementation of replies to messages sent by outgoing webhooks to private streams meant that an outgoing webhook bot could be used to send messages to private streams that the user was not intended to be able to send messages to."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-04-14T23:45:14",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://blog.zulip.com/2021/04/14/zulip-server-3-4/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-30477",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Zulip Server before 3.4. A bug in the implementation of replies to messages sent by outgoing webhooks to private streams meant that an outgoing webhook bot could be used to send messages to private streams that the user was not intended to be able to send messages to."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://blog.zulip.com/2021/04/14/zulip-server-3-4/",
"refsource": "MISC",
"url": "https://blog.zulip.com/2021/04/14/zulip-server-3-4/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-30477",
"datePublished": "2021-04-14T23:45:14",
"dateReserved": "2021-04-09T00:00:00",
"dateUpdated": "2024-08-03T22:32:41.099Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-30479 (GCVE-0-2021-30479)
Vulnerability from cvelistv5
Published
2021-04-14 23:48
Modified
2024-08-03 22:32
Severity ?
VLAI Severity ?
EPSS score ?
Summary
An issue was discovered in Zulip Server before 3.4. A bug in the implementation of the all_public_streams API feature resulted in guest users being able to receive message traffic to public streams that should have been only accessible to members of the organization.
References
| ▼ | URL | Tags |
|---|---|---|
| https://blog.zulip.com/2021/04/14/zulip-server-3-4/ | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T22:32:41.094Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://blog.zulip.com/2021/04/14/zulip-server-3-4/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Zulip Server before 3.4. A bug in the implementation of the all_public_streams API feature resulted in guest users being able to receive message traffic to public streams that should have been only accessible to members of the organization."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-04-14T23:48:38",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://blog.zulip.com/2021/04/14/zulip-server-3-4/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-30479",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Zulip Server before 3.4. A bug in the implementation of the all_public_streams API feature resulted in guest users being able to receive message traffic to public streams that should have been only accessible to members of the organization."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://blog.zulip.com/2021/04/14/zulip-server-3-4/",
"refsource": "MISC",
"url": "https://blog.zulip.com/2021/04/14/zulip-server-3-4/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-30479",
"datePublished": "2021-04-14T23:48:38",
"dateReserved": "2021-04-09T00:00:00",
"dateUpdated": "2024-08-03T22:32:41.094Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-21706 (GCVE-0-2022-21706)
Vulnerability from cvelistv5
Published
2022-02-25 23:25
Modified
2025-04-23 19:00
Severity ?
VLAI Severity ?
EPSS score ?
Summary
Zulip is an open-source team collaboration tool with topic-based threading. Zulip Server version 2.0.0 and above are vulnerable to insufficient access control with multi-use invitations. A Zulip Server deployment which hosts multiple organizations is vulnerable to an attack where an invitation created in one organization (potentially as a role with elevated permissions) can be used to join any other organization. This bypasses any restrictions on required domains on users' email addresses, may be used to gain access to organizations which are only accessible by invitation, and may be used to gain access with elevated privileges. This issue has been patched in release 4.10. There are no known workarounds for this issue. ### Patches _Has the problem been patched? What versions should users upgrade to?_ ### Workarounds _Is there a way for users to fix or remediate the vulnerability without upgrading?_ ### References _Are there any links users can visit to find out more?_ ### For more information If you have any questions or comments about this advisory, you can discuss them on the [developer community Zulip server](https://zulip.com/developer-community/), or email the [Zulip security team](mailto:security@zulip.com).
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/zulip/zulip/security/advisories/GHSA-6xmj-2wcm-p2jc | x_refsource_CONFIRM | |
| https://github.com/zulip/zulip/commit/88917019f03860609114082cdc0f31a561503f9e | x_refsource_MISC | |
| https://blog.zulip.com/2022/02/25/zulip-cloud-invitation-vulnerability/ | x_refsource_MISC | |
| https://blog.zulip.com/2022/02/25/zulip-server-4-10-security-release/#cve-2022-21706 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T02:53:34.765Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/zulip/zulip/security/advisories/GHSA-6xmj-2wcm-p2jc"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/zulip/zulip/commit/88917019f03860609114082cdc0f31a561503f9e"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://blog.zulip.com/2022/02/25/zulip-cloud-invitation-vulnerability/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://blog.zulip.com/2022/02/25/zulip-server-4-10-security-release/#cve-2022-21706"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-21706",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-23T15:57:16.778351Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-23T19:00:22.039Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "zulip",
"vendor": "zulip",
"versions": [
{
"status": "affected",
"version": "\u003e= 2.0.0, \u003c 4.10"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Zulip is an open-source team collaboration tool with topic-based threading. Zulip Server version 2.0.0 and above are vulnerable to insufficient access control with multi-use invitations. A Zulip Server deployment which hosts multiple organizations is vulnerable to an attack where an invitation created in one organization (potentially as a role with elevated permissions) can be used to join any other organization. This bypasses any restrictions on required domains on users\u0027 email addresses, may be used to gain access to organizations which are only accessible by invitation, and may be used to gain access with elevated privileges. This issue has been patched in release 4.10. There are no known workarounds for this issue. ### Patches _Has the problem been patched? What versions should users upgrade to?_ ### Workarounds _Is there a way for users to fix or remediate the vulnerability without upgrading?_ ### References _Are there any links users can visit to find out more?_ ### For more information If you have any questions or comments about this advisory, you can discuss them on the [developer community Zulip server](https://zulip.com/developer-community/), or email the [Zulip security team](mailto:security@zulip.com)."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "CWE-863: Incorrect Authorization",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284: Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-02-25T23:25:10.000Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/zulip/zulip/security/advisories/GHSA-6xmj-2wcm-p2jc"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/zulip/zulip/commit/88917019f03860609114082cdc0f31a561503f9e"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://blog.zulip.com/2022/02/25/zulip-cloud-invitation-vulnerability/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://blog.zulip.com/2022/02/25/zulip-server-4-10-security-release/#cve-2022-21706"
}
],
"source": {
"advisory": "GHSA-6xmj-2wcm-p2jc",
"discovery": "UNKNOWN"
},
"title": "Multi-use invitations can grant access to other organizations in Zulip",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2022-21706",
"STATE": "PUBLIC",
"TITLE": "Multi-use invitations can grant access to other organizations in Zulip"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "zulip",
"version": {
"version_data": [
{
"version_value": "\u003e= 2.0.0, \u003c 4.10"
}
]
}
}
]
},
"vendor_name": "zulip"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Zulip is an open-source team collaboration tool with topic-based threading. Zulip Server version 2.0.0 and above are vulnerable to insufficient access control with multi-use invitations. A Zulip Server deployment which hosts multiple organizations is vulnerable to an attack where an invitation created in one organization (potentially as a role with elevated permissions) can be used to join any other organization. This bypasses any restrictions on required domains on users\u0027 email addresses, may be used to gain access to organizations which are only accessible by invitation, and may be used to gain access with elevated privileges. This issue has been patched in release 4.10. There are no known workarounds for this issue. ### Patches _Has the problem been patched? What versions should users upgrade to?_ ### Workarounds _Is there a way for users to fix or remediate the vulnerability without upgrading?_ ### References _Are there any links users can visit to find out more?_ ### For more information If you have any questions or comments about this advisory, you can discuss them on the [developer community Zulip server](https://zulip.com/developer-community/), or email the [Zulip security team](mailto:security@zulip.com)."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-863: Incorrect Authorization"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-284: Improper Access Control"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/zulip/zulip/security/advisories/GHSA-6xmj-2wcm-p2jc",
"refsource": "CONFIRM",
"url": "https://github.com/zulip/zulip/security/advisories/GHSA-6xmj-2wcm-p2jc"
},
{
"name": "https://github.com/zulip/zulip/commit/88917019f03860609114082cdc0f31a561503f9e",
"refsource": "MISC",
"url": "https://github.com/zulip/zulip/commit/88917019f03860609114082cdc0f31a561503f9e"
},
{
"name": "https://blog.zulip.com/2022/02/25/zulip-cloud-invitation-vulnerability/",
"refsource": "MISC",
"url": "https://blog.zulip.com/2022/02/25/zulip-cloud-invitation-vulnerability/"
},
{
"name": "https://blog.zulip.com/2022/02/25/zulip-server-4-10-security-release/#cve-2022-21706",
"refsource": "MISC",
"url": "https://blog.zulip.com/2022/02/25/zulip-server-4-10-security-release/#cve-2022-21706"
}
]
},
"source": {
"advisory": "GHSA-6xmj-2wcm-p2jc",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2022-21706",
"datePublished": "2022-02-25T23:25:10.000Z",
"dateReserved": "2021-11-16T00:00:00.000Z",
"dateUpdated": "2025-04-23T19:00:22.039Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-0896 (GCVE-0-2017-0896)
Vulnerability from cvelistv5
Published
2017-06-02 17:00
Modified
2024-08-05 13:25
Severity ?
VLAI Severity ?
EPSS score ?
Summary
Zulip Server 1.5.1 and below suffer from an error in the implementation of the invite_by_admins_only setting in the Zulip group chat application server that allowed an authenticated user to invite other users to join a Zulip organization even if the organization was configured to prevent this.
References
| ▼ | URL | Tags |
|---|---|---|
| https://groups.google.com/forum/#%21msg/zulip-announce/sUYeJv-fFmg/2TU2TLmNAwAJ | mailing-list, x_refsource_MLIST | |
| https://hackerone.com/reports/224210 | x_refsource_MISC | |
| https://github.com/zulip/zulip/commit/1f48fa27672170bba3b9a97384905bb04c18761b | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Zulip | Zulip Server |
Version: 1.5.1 and below |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T13:25:16.624Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[zulip-announce] 20170601 Zulip Server 1.5.2 released",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://groups.google.com/forum/#%21msg/zulip-announce/sUYeJv-fFmg/2TU2TLmNAwAJ"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://hackerone.com/reports/224210"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/zulip/zulip/commit/1f48fa27672170bba3b9a97384905bb04c18761b"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Zulip Server",
"vendor": "Zulip",
"versions": [
{
"status": "affected",
"version": "1.5.1 and below"
}
]
}
],
"datePublic": "2017-06-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Zulip Server 1.5.1 and below suffer from an error in the implementation of the invite_by_admins_only setting in the Zulip group chat application server that allowed an authenticated user to invite other users to join a Zulip organization even if the organization was configured to prevent this."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-285",
"description": "Improper Authorization (CWE-285)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-06-02T16:57:01",
"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"shortName": "hackerone"
},
"references": [
{
"name": "[zulip-announce] 20170601 Zulip Server 1.5.2 released",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://groups.google.com/forum/#%21msg/zulip-announce/sUYeJv-fFmg/2TU2TLmNAwAJ"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://hackerone.com/reports/224210"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/zulip/zulip/commit/1f48fa27672170bba3b9a97384905bb04c18761b"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "support@hackerone.com",
"ID": "CVE-2017-0896",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Zulip Server",
"version": {
"version_data": [
{
"version_value": "1.5.1 and below"
}
]
}
}
]
},
"vendor_name": "Zulip"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Zulip Server 1.5.1 and below suffer from an error in the implementation of the invite_by_admins_only setting in the Zulip group chat application server that allowed an authenticated user to invite other users to join a Zulip organization even if the organization was configured to prevent this."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Authorization (CWE-285)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[zulip-announce] 20170601 Zulip Server 1.5.2 released",
"refsource": "MLIST",
"url": "https://groups.google.com/forum/#!msg/zulip-announce/sUYeJv-fFmg/2TU2TLmNAwAJ"
},
{
"name": "https://hackerone.com/reports/224210",
"refsource": "MISC",
"url": "https://hackerone.com/reports/224210"
},
{
"name": "https://github.com/zulip/zulip/commit/1f48fa27672170bba3b9a97384905bb04c18761b",
"refsource": "MISC",
"url": "https://github.com/zulip/zulip/commit/1f48fa27672170bba3b9a97384905bb04c18761b"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"assignerShortName": "hackerone",
"cveId": "CVE-2017-0896",
"datePublished": "2017-06-02T17:00:00",
"dateReserved": "2016-11-30T00:00:00",
"dateUpdated": "2024-08-05T13:25:16.624Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-16215 (GCVE-0-2019-16215)
Vulnerability from cvelistv5
Published
2019-09-18 11:07
Modified
2024-08-05 01:10
Severity ?
VLAI Severity ?
EPSS score ?
Summary
The Markdown parser in Zulip server before 2.0.5 used a regular expression vulnerable to exponential backtracking. A user who is logged into the server could send a crafted message causing the server to spend an effectively arbitrary amount of CPU time and stall the processing of future messages.
References
| ▼ | URL | Tags |
|---|---|---|
| https://blog.zulip.org/2019/09/11/zulip-server-2-0-5-security-release/ | x_refsource_CONFIRM | |
| https://github.com/zulip/zulip/commit/5797f013b3be450c146a4141514bda525f2f1b51 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T01:10:41.419Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://blog.zulip.org/2019/09/11/zulip-server-2-0-5-security-release/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/zulip/zulip/commit/5797f013b3be450c146a4141514bda525f2f1b51"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The Markdown parser in Zulip server before 2.0.5 used a regular expression vulnerable to exponential backtracking. A user who is logged into the server could send a crafted message causing the server to spend an effectively arbitrary amount of CPU time and stall the processing of future messages."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-09-18T11:07:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://blog.zulip.org/2019/09/11/zulip-server-2-0-5-security-release/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/zulip/zulip/commit/5797f013b3be450c146a4141514bda525f2f1b51"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-16215",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Markdown parser in Zulip server before 2.0.5 used a regular expression vulnerable to exponential backtracking. A user who is logged into the server could send a crafted message causing the server to spend an effectively arbitrary amount of CPU time and stall the processing of future messages."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://blog.zulip.org/2019/09/11/zulip-server-2-0-5-security-release/",
"refsource": "CONFIRM",
"url": "https://blog.zulip.org/2019/09/11/zulip-server-2-0-5-security-release/"
},
{
"name": "https://github.com/zulip/zulip/commit/5797f013b3be450c146a4141514bda525f2f1b51",
"refsource": "CONFIRM",
"url": "https://github.com/zulip/zulip/commit/5797f013b3be450c146a4141514bda525f2f1b51"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-16215",
"datePublished": "2019-09-18T11:07:00",
"dateReserved": "2019-09-11T00:00:00",
"dateUpdated": "2024-08-05T01:10:41.419Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-9990 (GCVE-0-2018-9990)
Vulnerability from cvelistv5
Published
2018-04-18 08:00
Modified
2024-08-05 07:32
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In Zulip Server versions before 1.7.2, there was an XSS issue with stream names in topic typeahead.
References
| ▼ | URL | Tags |
|---|---|---|
| https://blog.zulip.org/2018/04/12/zulip-1-7-2-released/ | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T07:32:00.722Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://blog.zulip.org/2018/04/12/zulip-1-7-2-released/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-04-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "In Zulip Server versions before 1.7.2, there was an XSS issue with stream names in topic typeahead."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-04-18T07:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://blog.zulip.org/2018/04/12/zulip-1-7-2-released/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-9990",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Zulip Server versions before 1.7.2, there was an XSS issue with stream names in topic typeahead."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://blog.zulip.org/2018/04/12/zulip-1-7-2-released/",
"refsource": "CONFIRM",
"url": "https://blog.zulip.org/2018/04/12/zulip-1-7-2-released/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-9990",
"datePublished": "2018-04-18T08:00:00",
"dateReserved": "2018-04-10T00:00:00",
"dateUpdated": "2024-08-05T07:32:00.722Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-30478 (GCVE-0-2021-30478)
Vulnerability from cvelistv5
Published
2021-04-14 23:47
Modified
2024-08-03 22:32
Severity ?
VLAI Severity ?
EPSS score ?
Summary
An issue was discovered in Zulip Server before 3.4. A bug in the implementation of the can_forge_sender permission (previously is_api_super_user) resulted in users with this permission being able to send messages appearing as if sent by a system bot, including to other organizations hosted by the same Zulip installation.
References
| ▼ | URL | Tags |
|---|---|---|
| https://blog.zulip.com/2021/04/14/zulip-server-3-4/ | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T22:32:41.032Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://blog.zulip.com/2021/04/14/zulip-server-3-4/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Zulip Server before 3.4. A bug in the implementation of the can_forge_sender permission (previously is_api_super_user) resulted in users with this permission being able to send messages appearing as if sent by a system bot, including to other organizations hosted by the same Zulip installation."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-04-14T23:47:27",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://blog.zulip.com/2021/04/14/zulip-server-3-4/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-30478",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Zulip Server before 3.4. A bug in the implementation of the can_forge_sender permission (previously is_api_super_user) resulted in users with this permission being able to send messages appearing as if sent by a system bot, including to other organizations hosted by the same Zulip installation."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://blog.zulip.com/2021/04/14/zulip-server-3-4/",
"refsource": "MISC",
"url": "https://blog.zulip.com/2021/04/14/zulip-server-3-4/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-30478",
"datePublished": "2021-04-14T23:47:27",
"dateReserved": "2021-04-09T00:00:00",
"dateUpdated": "2024-08-03T22:32:41.032Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-14194 (GCVE-0-2020-14194)
Vulnerability from cvelistv5
Published
2020-08-21 04:37
Modified
2024-08-04 12:39
Severity ?
VLAI Severity ?
EPSS score ?
Summary
Zulip Server before 2.1.5 allows reverse tabnapping via a topic header link.
References
| ▼ | URL | Tags |
|---|---|---|
| https://blog.zulip.com/2020/06/17/zulip-server-2-1-5-security-release/ | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T12:39:36.182Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://blog.zulip.com/2020/06/17/zulip-server-2-1-5-security-release/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Zulip Server before 2.1.5 allows reverse tabnapping via a topic header link."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-08-21T04:37:27",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://blog.zulip.com/2020/06/17/zulip-server-2-1-5-security-release/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-14194",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Zulip Server before 2.1.5 allows reverse tabnapping via a topic header link."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://blog.zulip.com/2020/06/17/zulip-server-2-1-5-security-release/",
"refsource": "CONFIRM",
"url": "https://blog.zulip.com/2020/06/17/zulip-server-2-1-5-security-release/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-14194",
"datePublished": "2020-08-21T04:37:27",
"dateReserved": "2020-06-16T00:00:00",
"dateUpdated": "2024-08-04T12:39:36.182Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-36612 (GCVE-0-2024-36612)
Vulnerability from cvelistv5
Published
2024-11-29 00:00
Modified
2024-12-02 16:35
Severity ?
VLAI Severity ?
EPSS score ?
Summary
Zulip from 8.0 to 8.3 contains a memory leak vulnerability in the handling of popovers.
References
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:zulip:zulip:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "zulip",
"vendor": "zulip",
"versions": [
{
"lessThanOrEqual": "8.3",
"status": "affected",
"version": "8.0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-36612",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-02T16:29:18.314930Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125 Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-02T16:35:49.772Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Zulip from 8.0 to 8.3 contains a memory leak vulnerability in the handling of popovers."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-29T19:38:12.220508",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/zulip/zulip/commit/0a90a13becbf0338a8fc1ad37946e51c2c25b0a5"
},
{
"url": "https://github.com/zulip/zulip/blob/8.3/web/src/click_handlers.js"
},
{
"url": "https://gist.github.com/1047524396/f7ff51d24ebbb29e21dfb70a0c97302b"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2024-36612",
"datePublished": "2024-11-29T00:00:00",
"dateReserved": "2024-05-30T00:00:00",
"dateUpdated": "2024-12-02T16:35:49.772Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-16216 (GCVE-0-2019-16216)
Vulnerability from cvelistv5
Published
2019-09-18 11:08
Modified
2024-08-05 01:10
Severity ?
VLAI Severity ?
EPSS score ?
Summary
Zulip server before 2.0.5 incompletely validated the MIME types of uploaded files. A user who is logged into the server could upload files of certain types to mount a stored cross-site scripting attack on other logged-in users. On a Zulip server using the default local uploads backend, the attack is only effective against browsers lacking support for Content-Security-Policy such as Internet Explorer 11. On a Zulip server using the S3 uploads backend, the attack is confined to the origin of the configured S3 uploads hostname and cannot reach the Zulip server itself.
References
| ▼ | URL | Tags |
|---|---|---|
| https://blog.zulip.org/2019/09/11/zulip-server-2-0-5-security-release/ | x_refsource_CONFIRM | |
| https://github.com/zulip/zulip/commit/1195841dfb9aa26b3b0dabc6f05d72e4af25be3e | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T01:10:41.549Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://blog.zulip.org/2019/09/11/zulip-server-2-0-5-security-release/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/zulip/zulip/commit/1195841dfb9aa26b3b0dabc6f05d72e4af25be3e"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Zulip server before 2.0.5 incompletely validated the MIME types of uploaded files. A user who is logged into the server could upload files of certain types to mount a stored cross-site scripting attack on other logged-in users. On a Zulip server using the default local uploads backend, the attack is only effective against browsers lacking support for Content-Security-Policy such as Internet Explorer 11. On a Zulip server using the S3 uploads backend, the attack is confined to the origin of the configured S3 uploads hostname and cannot reach the Zulip server itself."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-09-18T11:08:09",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://blog.zulip.org/2019/09/11/zulip-server-2-0-5-security-release/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/zulip/zulip/commit/1195841dfb9aa26b3b0dabc6f05d72e4af25be3e"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-16216",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Zulip server before 2.0.5 incompletely validated the MIME types of uploaded files. A user who is logged into the server could upload files of certain types to mount a stored cross-site scripting attack on other logged-in users. On a Zulip server using the default local uploads backend, the attack is only effective against browsers lacking support for Content-Security-Policy such as Internet Explorer 11. On a Zulip server using the S3 uploads backend, the attack is confined to the origin of the configured S3 uploads hostname and cannot reach the Zulip server itself."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://blog.zulip.org/2019/09/11/zulip-server-2-0-5-security-release/",
"refsource": "CONFIRM",
"url": "https://blog.zulip.org/2019/09/11/zulip-server-2-0-5-security-release/"
},
{
"name": "https://github.com/zulip/zulip/commit/1195841dfb9aa26b3b0dabc6f05d72e4af25be3e",
"refsource": "CONFIRM",
"url": "https://github.com/zulip/zulip/commit/1195841dfb9aa26b3b0dabc6f05d72e4af25be3e"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-16216",
"datePublished": "2019-09-18T11:08:09",
"dateReserved": "2019-09-11T00:00:00",
"dateUpdated": "2024-08-05T01:10:41.549Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-23656 (GCVE-0-2022-23656)
Vulnerability from cvelistv5
Published
2022-03-02 20:25
Modified
2025-04-23 18:59
Severity ?
VLAI Severity ?
EPSS score ?
Summary
Zulip is an open source team chat app. The `main` development branch of Zulip Server from June 2021 and later is vulnerable to a cross-site scripting vulnerability on the recent topics page. An attacker could maliciously craft a full name for their account and send messages to a topic with several participants; a victim who then opens an overflow tooltip including this full name on the recent topics page could trigger execution of JavaScript code controlled by the attacker. Users running a Zulip server from the main branch should upgrade from main (2022-03-01 or later) again to deploy this fix.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/zulip/zulip/security/advisories/GHSA-fc77-h3jc-6mfv | x_refsource_CONFIRM | |
| https://github.com/zulip/zulip/commit/e090027adcbf62737d5b1f83a9618a9500a49321 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:51:44.207Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/zulip/zulip/security/advisories/GHSA-fc77-h3jc-6mfv"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/zulip/zulip/commit/e090027adcbf62737d5b1f83a9618a9500a49321"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-23656",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-23T14:09:33.158612Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-23T18:59:20.616Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "zulip",
"vendor": "zulip",
"versions": [
{
"status": "affected",
"version": "\u003e= 2021-06-03, \u003c 2022-03-01"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Zulip is an open source team chat app. The `main` development branch of Zulip Server from June 2021 and later is vulnerable to a cross-site scripting vulnerability on the recent topics page. An attacker could maliciously craft a full name for their account and send messages to a topic with several participants; a victim who then opens an overflow tooltip including this full name on the recent topics page could trigger execution of JavaScript code controlled by the attacker. Users running a Zulip server from the main branch should upgrade from main (2022-03-01 or later) again to deploy this fix."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-03-02T20:25:10.000Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/zulip/zulip/security/advisories/GHSA-fc77-h3jc-6mfv"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/zulip/zulip/commit/e090027adcbf62737d5b1f83a9618a9500a49321"
}
],
"source": {
"advisory": "GHSA-fc77-h3jc-6mfv",
"discovery": "UNKNOWN"
},
"title": "Cross-site scripting vulnerability in Zulip Server",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2022-23656",
"STATE": "PUBLIC",
"TITLE": "Cross-site scripting vulnerability in Zulip Server"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "zulip",
"version": {
"version_data": [
{
"version_value": "\u003e= 2021-06-03, \u003c 2022-03-01"
}
]
}
}
]
},
"vendor_name": "zulip"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Zulip is an open source team chat app. The `main` development branch of Zulip Server from June 2021 and later is vulnerable to a cross-site scripting vulnerability on the recent topics page. An attacker could maliciously craft a full name for their account and send messages to a topic with several participants; a victim who then opens an overflow tooltip including this full name on the recent topics page could trigger execution of JavaScript code controlled by the attacker. Users running a Zulip server from the main branch should upgrade from main (2022-03-01 or later) again to deploy this fix."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/zulip/zulip/security/advisories/GHSA-fc77-h3jc-6mfv",
"refsource": "CONFIRM",
"url": "https://github.com/zulip/zulip/security/advisories/GHSA-fc77-h3jc-6mfv"
},
{
"name": "https://github.com/zulip/zulip/commit/e090027adcbf62737d5b1f83a9618a9500a49321",
"refsource": "MISC",
"url": "https://github.com/zulip/zulip/commit/e090027adcbf62737d5b1f83a9618a9500a49321"
}
]
},
"source": {
"advisory": "GHSA-fc77-h3jc-6mfv",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2022-23656",
"datePublished": "2022-03-02T20:25:10.000Z",
"dateReserved": "2022-01-19T00:00:00.000Z",
"dateUpdated": "2025-04-23T18:59:20.616Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-12759 (GCVE-0-2020-12759)
Vulnerability from cvelistv5
Published
2020-08-21 04:39
Modified
2024-08-04 12:04
Severity ?
VLAI Severity ?
EPSS score ?
Summary
Zulip Server before 2.1.5 allows reflected XSS via the Dropbox webhook.
References
| ▼ | URL | Tags |
|---|---|---|
| https://blog.zulip.com/2020/06/17/zulip-server-2-1-5-security-release/ | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T12:04:22.864Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://blog.zulip.com/2020/06/17/zulip-server-2-1-5-security-release/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Zulip Server before 2.1.5 allows reflected XSS via the Dropbox webhook."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-08-21T04:39:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://blog.zulip.com/2020/06/17/zulip-server-2-1-5-security-release/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-12759",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Zulip Server before 2.1.5 allows reflected XSS via the Dropbox webhook."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://blog.zulip.com/2020/06/17/zulip-server-2-1-5-security-release/",
"refsource": "CONFIRM",
"url": "https://blog.zulip.com/2020/06/17/zulip-server-2-1-5-security-release/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-12759",
"datePublished": "2020-08-21T04:39:00",
"dateReserved": "2020-05-09T00:00:00",
"dateUpdated": "2024-08-04T12:04:22.864Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}