3 matches found
CVE-2024-21630
Zulip is an open-source team collaboration tool. A vulnerability in version 8.0 is similar to CVE-2023-32677, but applies to multi-use invitations, not single-use invitation links as in the prior CVE. Specifically, it applies when the installation has configured non-admins to be able to invite...
CVE-2024-21630
CVE-2024-21630 (Zulip) describes a flaw in Zulip 8.0 where non-admins can invite users and create multi-use invitations, while only admins can invite users to streams. The vulnerability is limited to streams the inviter can already see and is not an arbitrary-stream invite. Version 8.1 fixes the...
CVE-2022-21706 Multi-use invitations can grant access to other organizations in Zulip
Zulip is an open-source team collaboration tool with topic-based threading. Zulip Server versions 2.0.0 and above are vulnerable to insufficient access control with multi-use invitations. A Zulip Server deployment which hosts multiple organizations is vulnerable to an attack where an invitation...