CVE-2021-30477

Name of the Vulnerable Software and Affected Versions Zulip Server versions prior to 3.4

Description An issue was discovered in the implementation of replies to messages sent by outgoing webhooks to private streams. This bug meant that an outgoing webhook bot could be used to send messages to private streams that the user was not intended to be able to send messages to.

Recommendations For versions prior to 3.4, update to version 3.4 or later to resolve the issue. As a temporary workaround, consider restricting the use of outgoing webhook bots to minimize the risk of exploitation.