CVE-2022-21706
Zulip Server 2.0.0+ was vulnerable to insufficient access control via multi-use invitations in multi-org deployments: an invite from one organization could join another, bypassing domain restrictions and potentially granting elevated privileges. It is patched in release 4.10; upgrading to 4.10 fi...