Zulip Server Security Vulnerabilities and Issues — Zulip Server CVE List

Lucene search

ZulipZulip Server

4 matches found

CVE•added 2020/08/21 5:15 a.m.•51 views

CVE-2020-15070

Zulip Server 2.x before 2.1.7 allows eval injection if a privileged attacker were able to write directly to the postgres database, and chose to write a crafted custom profile field value.

8.8CVSS8.6AI score0.00656EPSS

CVE•added 2020/08/21 5:15 a.m.•46 views

CVE-2020-14215

Zulip Server before 2.1.5 has Incorrect Access Control because 0198_preregistrationuser_invited_as adds the administrator role to invitations.

7.5CVSS7.5AI score0.00195EPSS

CVE•added 2020/08/21 5:15 a.m.•44 views

CVE-2020-12759

Zulip Server before 2.1.5 allows reflected XSS via the Dropbox webhook.

6.1CVSS5.9AI score0.00359EPSS

CVE•added 2020/08/21 5:15 a.m.•44 views

CVE-2020-14194

Zulip Server before 2.1.5 allows reverse tabnapping via a topic header link.

5.8CVSS5.4AI score0.00197EPSS