3 matches found
CVE-2022-31017
Zulip is an open-source team collaboration tool. Versions 2.1.0 through and including 5.2 are vulnerable to a logic error. A stream configured as private with protected history, where new subscribers should not be allowed to see messages sent before they were subscribed, when edited causes the...
CVE-2022-31017
Zulip Server contains a logic error in versions 2.1.0 through 5.2 where a private stream with protected history, upon edits, erroneously causes an API event that includes the edited message to all current subscribers. The issue stems from the server sending the edited message via an API event to ...
CVE-2022-31017 Expression Always True vulnerability in Zulip Server
Zulip is an open-source team collaboration tool. Versions 2.1.0 through and including 5.2 are vulnerable to a logic error. A stream configured as private with protected history, where new subscribers should not be allowed to see messages sent before they were subscribed, when edited causes the...