CVE-2017-0881
CVE-2017-0881 affects Zulip Server prior to 1.4.3. The issue is in the autosubscribe feature of the check_stream_exists route, allowing an authenticated user to subscribe to a private stream that should require an invitation from an existing member. This could bypass access controls and expose pr...