2 matches found
Authentication flaw
Zulip is an open-source team collaboration tool with unique topic-based threading. In the event that 1: ZulipLDAPAuthBackend and an external authentication backend any aside of ZulipLDAPAuthBackend and EmailAuthBackend are the only ones enabled in AUTHENTICATIONBACKENDS in /etc/zulip/settings.py...
CVE-2023-28623
CVE-2023-28623 affects Zulip; when AUTHENTICATION_BACKENDS includes ZulipLDAPAuthBackend plus one other backend (not ZulipLDAPAuthBackend or EmailAuthBackend) and invitations aren’t required, an attacker can register a new account with an arbitrary email. Impact is limited to installations with t...