PT-2023-30530 · Zulip · Zulip
Alexmv
·
Published
2023-11-16
·
Updated
2023-11-25
·
CVE-2023-47642
CVSS v3.1
4.3
Medium
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Zulip versions prior to 7.5
Description
A security issue was found in Zulip, an open-source team collaboration tool, where users who had been removed from a stream could still access its metadata using the Zulip API. This included stream name, description, settings, and an email address used for incoming email integration. As a result, users could see changes to a stream's metadata after they had lost access to the stream.
Recommendations
For versions prior to 7.5, upgrade to version 7.5 to resolve the issue.
Exploit
Fix
Information Disclosure
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Zulip