CVE-2017-0910

Опубликовано: 27 нояб. 2017

Источник: nvd

CVSS3: 8.8

CVSS2: 4

EPSS Низкий

Описание

In Zulip Server before 1.7.1, on a server with multiple realms, a vulnerability in the invitation system lets an authorized user of one realm on the server create a user account on any other realm.

Ссылки

http://blog.zulip.org/2017/11/23/zulip-1-7-1-released/
Vendor Advisory
https://github.com/zulip/zulip/commit/960d736e55cbb9386a68e4ee45f80581fd2a4e32
Patch
Third Party Advisory
http://blog.zulip.org/2017/11/23/zulip-1-7-1-released/
Vendor Advisory
https://github.com/zulip/zulip/commit/960d736e55cbb9386a68e4ee45f80581fd2a4e32
Patch
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:zulip:zulip_server:*:*:*:*:*:*:*:*

Версия до 1.7.1 (исключая)

EPSS

Процентиль: 47%

0.00239

Низкий

8.8 High

CVSS3

4 Medium

CVSS2

Дефекты

CWE-863

CWE-287

Связанные уязвимости

CVE-2017-0910

CVSS3: 8.8

debian

около 8 лет назад

In Zulip Server before 1.7.1, on a server with multiple realms, a vuln ...

GHSA-6r66-34x7-46rg

CVSS3: 8.8

github

больше 3 лет назад

In Zulip Server before 1.7.1, on a server with multiple realms, a vulnerability in the invitation system lets an authorized user of one realm on the server create a user account on any other realm.

EPSS

Процентиль: 47%

0.00239

Низкий

8.8 High

CVSS3

4 Medium

CVSS2

Дефекты

CWE-863

CWE-287