14 matches found
EUVD-2017-1235
Malware in sbrugna...
EUVD-2022-52718
Malicious code in bioql PyPI...
CVE-2023-32678
Zulip is an open-source team collaboration tool with topic-based threading that combines email and chat. Users who used to be subscribed to a private stream and have been removed from it since retain the ability to edit messages/topics, move messages to other streams, and delete messages that the...
CVE-2024-27286
Zulip is an open-source team collaboration tool. When a user moves a Zulip message, they have the option to move all messages in the topic, move only subsequent messages as well, or move just a single message. If the user chose to just move one message, and was moving it from a public stream to a...
CVE-2024-27286 Moving single messages from public to private streams leaves them accessible
Zulip is an open-source team collaboration tool. When a user moves a Zulip message, they have the option to move all messages in the topic, move only subsequent messages as well, or move just a single message. If the user chose to just move one message, and was moving it from a public stream to a...
CVE-2023-32678 Zulip vulnerable to insufficient authorization check for edition/deletion of messages and topics in private streams by former subscribers
Zulip is an open-source team collaboration tool with topic-based threading that combines email and chat. Users who used to be subscribed to a private stream and have been removed from it since retain the ability to edit messages/topics, move messages to other streams, and delete messages that the...
CVE-2022-31017
Zulip is an open-source team collaboration tool. Versions 2.1.0 through and including 5.2 are vulnerable to a logic error. A stream configured as private with protected history, where new subscribers should not be allowed to see messages sent before they were subscribed, when edited causes the...
CVE-2022-31017
Zulip Server contains a logic error in versions 2.1.0 through 5.2 where a private stream with protected history, upon edits, erroneously causes an API event that includes the edited message to all current subscribers. The issue stems from the server sending the edited message via an API event to ...
Zulip server access control error vulnerability
Zulip server is an open source team chat application from the American company Zulip. An access control error vulnerability exists in versions of Zulip Server prior to 3.4, which stems from a bug in the implementation of replies to messages that send a webhook to a private stream. No details of th...
Zulip access control error vulnerability
Zulip server is an open source team chat application from the American company Zulip. An access control error vulnerability exists in versions of Zulip Server prior to 3.4, which stems from a bug in the implementation of replies to messages that send a webhook to a private stream. No details of th...
CVE-2017-0881
An error in the implementation of an autosubscribe feature in the check_stream_exists route of the Zulip group chat application server before 1.4.3 allowed an authenticated user to subscribe to a private stream that should have required an invitation from an existing member to join. The issue affec...
CVE-2017-0881
An error in the implementation of an autosubscribe feature in the check_stream_exists route of the Zulip group chat application server before 1.4.3 allowed an authenticated user to subscribe to a private stream that should have required an invitation from an existing member to join. The issue affec...
Design/Logic Flaw
An error in the implementation of an autosubscribe feature in the check_stream_exists route of the Zulip group chat application server before 1.4.3 allowed an authenticated user to subscribe to a private stream that should have required an invitation from an existing member to join. The issue affec...
CVE-2017-0881
CVE-2017-0881 affects Zulip Server prior to 1.4.3. The issue is in the autosubscribe feature of the check_stream_exists route, allowing an authenticated user to subscribe to a private stream that should require an invitation from an existing member. This could bypass access controls and expose pr...