Lucene search
K

4 matches found

RedhatCVE
RedhatCVE
added 2025/05/22 11:4 p.m.8 views

CVE-2022-36048

Zulip is an open-source team collaboration tool with topic-based threading that combines email and chat. When displaying messages with embedded remote images, Zulip normally loads the image preview via a go-camo proxy server. However, an attacker who can send messages could include a crafted URL...

4.3CVSS6.7AI score0.00507EPSS
Exploits0
Vulnrichment
Vulnrichment
added 2022/08/31 7:15 p.m.9 views

CVE-2022-36048 IP address leak via image proxy bypass in Zulip Server

Zulip is an open-source team collaboration tool with topic-based threading that combines email and chat. When displaying messages with embedded remote images, Zulip normally loads the image preview via a go-camo proxy server. However, an attacker who can send messages could include a crafted URL...

4.3CVSS4.4AI score0.00507EPSS
Exploits0References1
CVE
CVE
added 2022/08/31 7:15 p.m.65 views

CVE-2022-36048

CVE-2022-36048 concerns Zulip Server prior to 5.6, where an attacker who can send messages can craft image-URLs to bypass the go-camo image proxy and cause the viewer’s IP address and browser fingerprinting information to be inferred via embedded remote images. The vulnerability affects Zulip Ser...

4.3CVSS4.3AI score0.00507EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2022/08/31 7:15 p.m.29 views

CVE-2022-36048 IP address leak via image proxy bypass in Zulip Server

Zulip is an open-source team collaboration tool with topic-based threading that combines email and chat. When displaying messages with embedded remote images, Zulip normally loads the image preview via a go-camo proxy server. However, an attacker who can send messages could include a crafted URL...

4.3CVSS4.8AI score0.00507EPSS
Exploits0References3
Rows per page
Query Builder