Описание
Zulip Server 1.5.1 and below suffer from an error in the implementation of the invite_by_admins_only setting in the Zulip group chat application server that allowed an authenticated user to invite other users to join a Zulip organization even if the organization was configured to prevent this.
Ссылки
- Issue TrackingPatch
- Permissions Required
- Issue TrackingPatch
- Permissions Required
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:zulip:zulip_server:1.3.0:*:*:*:*:*:*:*
cpe:2.3:a:zulip:zulip_server:1.3.1:*:*:*:*:*:*:*
cpe:2.3:a:zulip:zulip_server:1.3.2:*:*:*:*:*:*:*
cpe:2.3:a:zulip:zulip_server:1.3.3:*:*:*:*:*:*:*
cpe:2.3:a:zulip:zulip_server:1.3.4:*:*:*:*:*:*:*
cpe:2.3:a:zulip:zulip_server:1.3.6:*:*:*:*:*:*:*
cpe:2.3:a:zulip:zulip_server:1.3.7:*:*:*:*:*:*:*
cpe:2.3:a:zulip:zulip_server:1.3.8:*:*:*:*:*:*:*
cpe:2.3:a:zulip:zulip_server:1.3.9:*:*:*:*:*:*:*
cpe:2.3:a:zulip:zulip_server:1.3.10:*:*:*:*:*:*:*
cpe:2.3:a:zulip:zulip_server:1.3.11:*:*:*:*:*:*:*
cpe:2.3:a:zulip:zulip_server:1.3.12:*:*:*:*:*:*:*
cpe:2.3:a:zulip:zulip_server:1.3.13:*:*:*:*:*:*:*
cpe:2.3:a:zulip:zulip_server:1.4.0:*:*:*:*:*:*:*
cpe:2.3:a:zulip:zulip_server:1.4.1:*:*:*:*:*:*:*
cpe:2.3:a:zulip:zulip_server:1.4.2:*:*:*:*:*:*:*
cpe:2.3:a:zulip:zulip_server:1.4.3:*:*:*:*:*:*:*
cpe:2.3:a:zulip:zulip_server:1.5.0:*:*:*:*:*:*:*
cpe:2.3:a:zulip:zulip_server:1.5.1:*:*:*:*:*:*:*
EPSS
Процентиль: 36%
0.00148
Низкий
6.5 Medium
CVSS3
4 Medium
CVSS2
Дефекты
CWE-285
CWE-862
Связанные уязвимости
CVSS3: 6.5
debian
больше 8 лет назад
Zulip Server 1.5.1 and below suffer from an error in the implementatio ...
CVSS3: 6.5
github
больше 3 лет назад
Zulip Server 1.5.1 and below suffer from an error in the implementation of the invite_by_admins_only setting in the Zulip group chat application server that allowed an authenticated user to invite other users to join a Zulip organization even if the organization was configured to prevent this.
EPSS
Процентиль: 36%
0.00148
Низкий
6.5 Medium
CVSS3
4 Medium
CVSS2
Дефекты
CWE-285
CWE-862