PT-2017-10682 · Zulip · Zulip Server

Rafid Aslam

Published

2017-03-28

Updated

2019-10-09

CVE-2017-0881

CVSS v3.1

4.3

Medium

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions Zulip server versions prior to 1.4.3

Description The issue is related to an error in the implementation of an autosubscribe feature in the check stream exists route, allowing an authenticated user to subscribe to a private stream without an invitation from an existing member.

Recommendations For versions prior to 1.4.3, update to version 1.4.3 or later to resolve the issue.

Fix

Information Disclosure

Incorrect Authorization

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-200CWE-863

Related Identifiers

CVE-2017-0881

Affected Products

Zulip Server

PT-2017-10682 · Zulip · Zulip Server

CVE-2017-0881

Weakness Enumeration

Related Identifiers

Affected Products

References · 5