5 matches found
CVE-2024-36612
Zulip from 8.0 to 8.3 contains a memory leak vulnerability in the handling of popovers...
CVE-2024-36625
Zulip 8.3 is vulnerable to Cross-Site Scripting (XSS) via the replaceemojiwithtext function in uiutil.ts...
PT-2022-7863 · Zulip · Zulip
Name of the Vulnerable Software and Affected Versions: Zulip versions prior to 1.3.12 Description: The issue allows bot API keys to be accessible to other users within the same realm. Recommendations: For versions prior to 1.3.12, update to version 1.3.12 or later to resolve the issue...
PT-2022-7864 · Zulip · Zulip
Name of the Vulnerable Software and Affected Versions: Zulip versions prior to 1.3.12 Description: The issue allows deactivated users to access messages when Single Sign-On (SSO) is enabled. Recommendations: For versions prior to 1.3.12, update to version 1.3.12 or later to resolve the issue...
PT-2022-10955 · Zulip · Zulip
Name of the Vulnerable Software and Affected Versions: zulip/zulip versions prior to 4.10 Description: The issue is related to improper access control in the GitHub repository zulip/zulip. Recommendations: For versions prior to 4.10, update to version 4.10 or later to resolve the issue...