RSS   Vulnerabilities for 'Zulip'   RSS

2017-03-27
 
CVE-2017-0881

CWE-863
 

 
An error in the implementation of an autosubscribe feature in the check_stream_exists route of the Zulip group chat application server before 1.4.3 allowed an authenticated user to subscribe to a private stream that should have required an invitation from an existing member to join. The issue affects all previously released versions of the Zulip server.

 

 >>> Vendor: Zulip 2 Products
Zulip
Zulip server


Copyright 2019, cxsecurity.com

 

Back to Top