CVE-2024-21630

🗓️ 25 Jan 2024 20:40:15Reported by GitHub_MType

Zulip 8.0 multi-use invitation vulnerabilit

AI Insights are available for you today

Leverage the power of AI to quickly understand vulnerabilities, impacts, and exploitability

Reporter	Title	Published	Views	Family All 10
OSV	CVE-2024-21630	25 Jan 202420:15	–	osv
OSV	CVE-2023-32677	19 May 202321:15	–	osv
Cvelist	CVE-2024-21630 Zulip non-admins can invite new users to streams they would not otherwise be able to add existing users to	25 Jan 202419:30	–	cvelist
Cvelist	CVE-2023-32677 Users who can send invitations can erroneously add users to streams during invitation in Zulip	19 May 202320:44	–	cvelist
Prion	Design/Logic Flaw	25 Jan 202420:15	–	prion
Prion	Code injection	19 May 202321:15	–	prion
NVD	CVE-2024-21630	25 Jan 202420:15	–	nvd
NVD	CVE-2023-32677	19 May 202321:15	–	nvd
CVE	CVE-2023-32677	19 May 202321:15	–	cve
Vulnrichment	CVE-2023-32677 Users who can send invitations can erroneously add users to streams during invitation in Zulip	19 May 202320:44	–	vulnrichment

Nvd

Vulners

Node

zulip zulip_serverRange1.9.0–6.2

zulip zulip_serverRange8.0–8.1

[
  {
    "vendor": "zulip",
    "product": "zulip",
    "versions": [
      {
        "version": "= 8.0",
        "status": "affected"
      }
    ]
  }
]

Source	Link
zulip	www.zulip.com/help/restrict-account-creation
zulip	www.zulip.com/help/configure-who-can-invite-to-streams
github	www.github.com/zulip/zulip/commit/0df7bd71f32f3b772e2646c6ab0d60c9b610addf
github	www.github.com/zulip/zulip/security/advisories/GHSA-mrvp-96q6-jpvc
github	www.github.com/zulip/zulip/security/advisories/GHSA-87p9-wprh-7rm6

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

25 Jan 2024 20:15Current

4.2Medium risk

Vulners AI Score4.2

CVSS34.3

EPSS0.00109

CWE-862