Описание
An error in the implementation of an autosubscribe feature in the check_stream_exists route of the Zulip group chat application server before 1.4.3 allowed an authenticated user to subscribe to a private stream that should have required an invitation from an existing member to join. The issue affects all previously released versions of the Zulip server.
Ссылки
- Third Party AdvisoryVendor Advisory
- PatchThird Party Advisory
- PatchRelease NotesThird Party Advisory
- Third Party AdvisoryVendor Advisory
- PatchThird Party Advisory
- PatchRelease NotesThird Party Advisory
Уязвимые конфигурации
EPSS
4.3 Medium
CVSS3
4 Medium
CVSS2
Дефекты
Связанные уязвимости
An error in the implementation of an autosubscribe feature in the chec ...
An error in the implementation of an autosubscribe feature in the check_stream_exists route of the Zulip group chat application server before 1.4.3 allowed an authenticated user to subscribe to a private stream that should have required an invitation from an existing member to join. The issue affects all previously released versions of the Zulip server.
EPSS
4.3 Medium
CVSS3
4 Medium
CVSS2