2 matches found
CVE-2021-43791
Zulip is an open source group chat application that combines real-time chat with threaded conversations. In affected versions expiration dates on the confirmation objects associated with email invitations were not enforced properly in the new account registration flow. A confirmation link takes a...
CVE-2021-43791
Zulip 4.x vulnerability (CVE-2021-43791): Expired invitation confirmation keys were not properly validated in the new account registration flow. The check_prereg_key_and_redirect step validated the key, but /accounts/register/ did not, allowing registration with an expired key. Impact: potential ...