4 matches found
CVE-2023-32677
Zulip is an open-source team collaboration tool with unique topic-based threading. Zulip administrators can configure Zulip to limit who can add users to streams, and separately to limit who can invite users to the organization. In Zulip Server 6.1 and below, the UI which allows a user to invite ...
Design/Logic Flaw
Zulip is an open-source team collaboration tool. A vulnerability in version 8.0 is similar to CVE-2023-32677, but applies to multi-use invitations, not single-use invitation links as in the prior CVE. Specifically, it applies when the installation has configured non-admins to be able to invite...
CVE-2023-32677
CVE-2023-32677 (Zulip) affects Zulip Server 6.1 and earlier, where the UI for inviting a new user could let the inviter configure which streams the new user is invited to, potentially granting invitations to streams the inviter could not add users to. The underlying issue is a mismatch between wh...
CVE-2023-32677 Users who can send invitations can erroneously add users to streams during invitation in Zulip
Zulip is an open-source team collaboration tool with unique topic-based threading. Zulip administrators can configure Zulip to limit who can add users to streams, and separately to limit who can invite users to the organization. In Zulip Server 6.1 and below, the UI which allows a user to invite ...