Zulip · Zulip Server · CVE-2020-14215
**Name of the Vulnerable Software and Affected Versions**
Zulip Server versions prior to 2.1.5
**Description**
The issue is related to Incorrect Access Control. Specifically, the `0198 preregistrationuser invited as` addition grants the administrator role to invitations, which is not intended.
**Recommendations**
For versions prior to 2.1.5, update to version 2.1.5 or later to resolve the issue.