Lucene search
+L

4 matches found

RedhatCVE
RedhatCVE
added 2025/05/23 2:49 a.m.8 views

CVE-2023-32677

Zulip is an open-source team collaboration tool with unique topic-based threading. Zulip administrators can configure Zulip to limit who can add users to streams, and separately to limit who can invite users to the organization. In Zulip Server 6.1 and below, the UI which allows a user to invite ...

3.1CVSS6.6AI score0.00563EPSS
Exploits0References1
Prion
Prion
added 2024/01/25 8:15 p.m.29 views

Design/Logic Flaw

Zulip is an open-source team collaboration tool. A vulnerability in version 8.0 is similar to CVE-2023-32677, but applies to multi-use invitations, not single-use invitation links as in the prior CVE. Specifically, it applies when the installation has configured non-admins to be able to invite...

4CVSS7AI score0.00563EPSS
Exploits0References5Affected Software1
CVE
CVE
added 2023/05/19 8:44 p.m.73 views

CVE-2023-32677

CVE-2023-32677 (Zulip) affects Zulip Server 6.1 and earlier, where the UI for inviting a new user could let the inviter configure which streams the new user is invited to, potentially granting invitations to streams the inviter could not add users to. The underlying issue is a mismatch between wh...

3.1CVSS4AI score0.00563EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2023/05/19 8:44 p.m.36 views

CVE-2023-32677 Users who can send invitations can erroneously add users to streams during invitation in Zulip

Zulip is an open-source team collaboration tool with unique topic-based threading. Zulip administrators can configure Zulip to limit who can add users to streams, and separately to limit who can invite users to the organization. In Zulip Server 6.1 and below, the UI which allows a user to invite ...

3.1CVSS4.5AI score0.00563EPSS
Exploits0References6
Rows per page
Query Builder