EUVD-2017-1235

Malware in sbrugna...

Zulip Server Security Bypass Vulnerability

Zulip Server is a set of open source group chat application written in Python based on the Django framework . A security vulnerability exists in the implementation of the autosubscribe feature of the checkstreamexists route in versions of Zulip Server prior to 1.4.3. An attacker can exploit this...

CVE-2017-0881

An error in the implementation of an autosubscribe feature in the checkstreamexists route of the Zulip group chat application server before 1.4.3 allowed an authenticated user to subscribe to a private stream that should have required an invitation from an existing member to join. The issue affec...

CVE-2017-0881

An error in the implementation of an autosubscribe feature in the checkstreamexists route of the Zulip group chat application server before 1.4.3 allowed an authenticated user to subscribe to a private stream that should have required an invitation from an existing member to join. The issue affec...

Design/Logic Flaw

An error in the implementation of an autosubscribe feature in the checkstreamexists route of the Zulip group chat application server before 1.4.3 allowed an authenticated user to subscribe to a private stream that should have required an invitation from an existing member to join. The issue affec...

CVE-2017-0881

CVE-2017-0881 affects Zulip Server prior to 1.4.3. The issue is in the autosubscribe feature of the check_stream_exists route, allowing an authenticated user to subscribe to a private stream that should require an invitation from an existing member. This could bypass access controls and expose pr...

CVE-2017-0881

An error in the implementation of an autosubscribe feature in the checkstreamexists route of the Zulip group chat application server before 1.4.3 allowed an authenticated user to subscribe to a private stream that should have required an invitation from an existing member to join. The issue affec...