5 matches found
CVE-2023-32678
Zulip is an open-source team collaboration tool with topic-based threading that combines email and chat. Users who used to be subscribed to a private stream and have been removed from it since retain the ability to edit messages/topics, move messages to other streams, and delete messages that the...
CVE-2023-32678
creationtimestamp| type| source ---|---|--- 2023-08-26 00:14:23+00:00| seen| https://t.me/cibsecurity/69211...
CVE-2023-32678
Zulip is an open-source team collaboration tool with topic-based threading that combines email and chat. Users who used to be subscribed to a private stream and have been removed from it since retain the ability to edit messages/topics, move messages to other streams, and delete messages that the...
CVE-2023-32678 Zulip vulnerable to insufficient authorization check for edition/deletion of messages and topics in private streams by former subscribers
Zulip is an open-source team collaboration tool with topic-based threading that combines email and chat. Users who used to be subscribed to a private stream and have been removed from it since retain the ability to edit messages/topics, move messages to other streams, and delete messages that the...
CVE-2023-32678
Zulip CVE-2023-32678 describes an authorization flaw in Zulip Server prior to 7.3 where former subscribers of private streams could still edit, move, or delete messages and topics they had previously accessed. The issue arises from insufficient checks on who can modify or remove content in privat...