PT-2022-23061 · Unknown · Zulip Mobile
Published
2022-08-29
·
Updated
2022-09-07
·
CVE-2022-35962
CVSS v3.1
8.0
High
| Vector | AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Zulip Mobile versions 27.189 and earlier
Description
A crafted link in a message sent by an authenticated user could lead to credential disclosure if a user follows the link.
Recommendations
For Zulip Mobile versions 27.189 and earlier, update to version 27.190 to resolve the issue.
Exploit
Fix
Incomplete List of Disallowed Inputs
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Zulip Mobile