PT-2024-18982 · Zulip · Zulip

Alexmv · Published 2024-01-25 · Updated 2024-02-01 · CVE-2024-21630

CVSS v3.1: 4.3 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions: Zulip version 8.0

Description: A vulnerability in Zulip affects installations where non-admins can invite users and create multi-use invitations, but only admins can invite users to streams. The issue allows such users to invite new users to streams they can already see, but not to arbitrary streams. The estimated number of potentially affected devices is not specified.

Recommendations: For version 8.0, as a temporary workaround, administrators can limit the sending of invitations to users who also have the permission to add users to streams. To resolve the issue, update version 8.0 to version 8.1.

Weakness Enumeration: Missing Authorization

Related Identifiers

CVE-2024-21630
GHSA-87P9-WPRH-7RM6
GHSA-MRVP-96Q6-JPVC

Affected Products

Zulip