11 matches found
EUVD-2024-19272
Malicious code in bioql PyPI...
EUVD-2022-26895
Malicious code in bioql PyPI...
CVE-2024-21630
Zulip is an open-source team collaboration tool. A vulnerability in version 8.0 is similar to CVE-2023-32677, but applies to multi-use invitations, not single-use invitation links as in the prior CVE. Specifically, it applies when the installation has configured non-admins to be able to invite...
CVE-2022-21706
Zulip is an open-source team collaboration tool with topic-based threading. Zulip Server version 2.0.0 and above are vulnerable to insufficient access control with multi-use invitations. A Zulip Server deployment which hosts multiple organizations is vulnerable to an attack where an invitation...
Design/Logic Flaw
Zulip is an open-source team collaboration tool. A vulnerability in version 8.0 is similar to CVE-2023-32677, but applies to multi-use invitations, not single-use invitation links as in the prior CVE. Specifically, it applies when the installation has configured non-admins to be able to invite...
CVE-2024-21630 Zulip non-admins can invite new users to streams they would not otherwise be able to add existing users to
Zulip is an open-source team collaboration tool. A vulnerability in version 8.0 is similar to CVE-2023-32677, but applies to multi-use invitations, not single-use invitation links as in the prior CVE. Specifically, it applies when the installation has configured non-admins to be able to invite...
CVE-2024-21630 Zulip non-admins can invite new users to streams they would not otherwise be able to add existing users to
Zulip is an open-source team collaboration tool. A vulnerability in version 8.0 is similar to CVE-2023-32677, but applies to multi-use invitations, not single-use invitation links as in the prior CVE. Specifically, it applies when the installation has configured non-admins to be able to invite...
Improper access control
Zulip is an open-source team collaboration tool with topic-based threading. Zulip Server version 2.0.0 and above are vulnerable to insufficient access control with multi-use invitations. A Zulip Server deployment which hosts multiple organizations is vulnerable to an attack where an invitation...
CVE-2022-21706 Multi-use invitations can grant access to other organizations in Zulip
Zulip is an open-source team collaboration tool with topic-based threading. Zulip Server version 2.0.0 and above are vulnerable to insufficient access control with multi-use invitations. A Zulip Server deployment which hosts multiple organizations is vulnerable to an attack where an invitation...
CVE-2022-21706
Zulip Server 2.0.0+ was vulnerable to insufficient access control via multi-use invitations in multi-org deployments: an invite from one organization could join another, bypassing domain restrictions and potentially granting elevated privileges. It is patched in release 4.10; upgrading to 4.10 fi...
CVE-2022-21706 Multi-use invitations can grant access to other organizations in Zulip
Zulip is an open-source team collaboration tool with topic-based threading. Zulip Server version 2.0.0 and above are vulnerable to insufficient access control with multi-use invitations. A Zulip Server deployment which hosts multiple organizations is vulnerable to an attack where an invitation...