PT-2020-13176 · Zulip · Zulip Desktop

Published 2020-05-09 · Updated 2020-05-13 · CVE-2020-12637

CVSS v3.1: 9.8 Critical

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Zulip Desktop versions prior to 5.2.0

Description

The issue is related to Missing SSL Certificate Validation. This occurred because all validation was inadvertently disabled during an attempt to recognize the ignoreCerts option.

Recommendations

For versions prior to 5.2.0, update to version 5.2.0 or later to resolve the issue. As a temporary workaround, consider disabling the use of the ignoreCerts option until a patch is available. Restrict access to sensitive resources that rely on SSL certificate validation to minimize the risk of exploitation.

Fix

Improper Certificate Validation

Weakness Enumeration

Related Identifiers

CVE-2020-12637

Affected Products

Zulip Desktop