Lucene search

GitHub_MCVELIST:CVE-2022-31134

HistoryJul 12, 2022 - 8:35 p.m.

CVE-2022-31134 Zulip Server public data export contains attachments that are non-public

2022-07-1220:35:10

CWE-200

GitHub_M

www.cve.org

zulip server

public data export

non-public attachments

data security

CVSS3

4.9

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

AI Score

5.3

Confidence

High

EPSS

0.001

Percentile

41.4%

JSON

Zulip is an open-source team collaboration tool. Zulip Server versions 2.1.0 above have a user interface tool, accessible only to server owners and server administrators, which provides a way to download a “public data” export. While this export is only accessible to administrators, in many configurations server administrators are not expected to have access to private messages and private streams. However, the “public data” export which administrators could generate contained the attachment contents for all attachments, even those from private messages and streams. Zulip Server version 5.4 contains a patch for this issue.

CNA Affected

[
  {
    "product": "zulip",
    "vendor": "zulip",
    "versions": [
      {
        "status": "affected",
        "version": ">= 2.1.0, < 5.4"
      }
    ]
  }
]

References

blog.zulip.com/2022/07/12/zulip-cloud-data-exports

blog.zulip.com/2022/07/12/zulip-server-5-4-security-release

github.com/zulip/zulip/security/advisories/GHSA-58pm-88xp-7x9m

CVSS3

4.9

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

AI Score

5.3

Confidence

High

EPSS

0.001

Percentile

41.4%

JSON

Related for CVELIST:CVE-2022-31134