EUVD-2021-17401

Malware in sbrugna...

CVE-2021-30478

An issue was discovered in Zulip Server before 3.4. A bug in the implementation of the canforgesender permission previously isapisuperuser resulted in users with this permission being able to send messages appearing as if sent by a system bot, including to other organizations hosted by the same...

CVE-2021-30478

An issue was discovered in Zulip Server before 3.4. A bug in the implementation of the canforgesender permission previously isapisuperuser resulted in users with this permission being able to send messages appearing as if sent by a system bot, including to other organizations hosted by the same...

CVE-2021-30478

An issue was discovered in Zulip Server before 3.4. A bug in the implementation of the canforgesender permission previously isapisuperuser resulted in users with this permission being able to send messages appearing as if sent by a system bot, including to other organizations hosted by the same...

Information disclosure

An issue was discovered in Zulip Server before 3.4. A bug in the implementation of the canforgesender permission previously isapisuperuser resulted in users with this permission being able to send messages appearing as if sent by a system bot, including to other organizations hosted by the same...

CVE-2021-30478

An issue was discovered in Zulip Server before 3.4. A bug in the implementation of the canforgesender permission previously isapisuperuser resulted in users with this permission being able to send messages appearing as if sent by a system bot, including to other organizations hosted by the same...

CVE-2021-30478

Summary: CVE-2021-30478 affects Zulip Server before 3.4. A bug in the can_forge_sender permission (formerly is_api_super_user) allows users with that permission to send messages that appear to come from a system bot, including to other organizations on the same Zulip deployment. The issue is root...