Count: 3
| Vulnerability | CVSS | EPSS | Published |
|---|---|---|---|
| CVE-2019-18933 In Zulip Server versions from 1.7.0 to before 2.0.7, a bug in the new user signup process meant that users who registered their account using social authentication (e.g., GitHub or Google SSO) in an organization that also allows password authentication could have their personal API key stolen by an unprivileged attacker, allowing nearly full access to the user's account. | CVSS3: 9.8 | 0% Low | about 6 years ago |
| CVE-2019-18933 In Zulip Server versions from 1.7.0 to before 2.0.7, a bug in the new ... | CVSS3: 9.8 | 0% Low | about 6 years ago |
| GHSA-8c73-4mfq-f8m8 In Zulip Server versions from 1.7.0 to before 2.0.7, a bug in the new user signup process meant that users who registered their account using social authentication (e.g., GitHub or Google SSO) in an organization that also allows password authentication could have their personal API key stolen by an unprivileged attacker, allowing nearly full access to the user's account. | CVSS3: 9.8 | 0% Low | more than 3 years ago |