2 matches found
CVE-2022-41914
Zulip is an open-source team collaboration tool. For organizations with System for Cross-domain Identity ManagementSCIM account management enabled, Zulip Server 5.0 through 5.6 checked the SCIM bearer token using a comparator that did not run in constant time. Therefore, it might theoretically be...
CVE-2022-41914
Zulip Server versions 5.0–5.6 are affected by a non-constant-time SCIM bearer token comparison, enabling potential timing attacks to infer the token value and impersonate the SCIM client to read or update user accounts within an organization. Impact is limited to deployments with SCIM account man...