
CVE-2022-31134 – Zulip Server public data export contains attachments that are non-public
https://notcve.org/view.php?id=CVE-2022-31134
12 Jul 2022 — Zulip is an open-source team collaboration tool. Zulip Server versions 2.1.0 and above have a user interface tool, accessible only to server owners and server administrators, which provides a way to download a "public data" export. While this export is only accessible to administrators, in many configurations server administrators are not expected to have access to private messages and private streams. However, the "public data" export which administrators could generate contained the attachment contents for al... • https://blog.zulip.com/2022/07/12/zulip-cloud-data-exports • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-434: Unrestricted Upload of File with Dangerous Type •

CVE-2022-31017 – Expression Always True vulnerability in Zulip Server
https://notcve.org/view.php?id=CVE-2022-31017
25 Jun 2022 — Zulip is an open-source team collaboration tool. Versions 2.1.0 through and including 5.2 are vulnerable to a logic error. When a message is edited in a stream configured as private with protected history (where new subscribers should not be allowed to see messages sent before they subscribed), the server incorrectly sends an API event that includes the edited message to all of the stream's current subscribers, including those who could not read the original. This API event is ignored by official clients, but can be observed by using a modified client or the... • https://github.com/zulip/zulip/security/advisories/GHSA-m5j3-jp59-6f3q • CWE-571: Expression is Always True CWE-670: Always-Incorrect Control Flow Implementation •
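The access rule in the advisory above, modelled as an added example (this is not Zulip's code): a subscriber of a private stream with protected history may read a message only if it was sent at or after their subscription, and the recipients of a message-edit event must be filtered by that same rule because the event carries the edited content. The names Stream, Subscriber, Message, can_access_message and edit_event_recipients, the field history_public_to_subscribers, and the at-or-after boundary are assumptions made for the example; the data is constructed.

```python
"""Recipient filtering for message-edit events in a private stream with
protected history. Illustrative model, not Zulip's implementation."""
from dataclasses import dataclass
from typing import List, Set


@dataclass(frozen=True)
class Stream:
    name: str
    invite_only: bool                    # private stream
    history_public_to_subscribers: bool  # False = protected history (assumed field name)


@dataclass(frozen=True)
class Subscriber:
    user_id: int
    subscribed_at: int  # constructed timestamp, seconds


@dataclass(frozen=True)
class Message:
    message_id: int
    stream: Stream
    sent_at: int        # constructed timestamp, seconds
    content: str


def can_access_message(user: Subscriber, message: Message) -> bool:
    """A subscriber may read a message unless the stream is private with
    protected history and the message predates their subscription.
    The at-or-after boundary is an assumption of this example."""
    stream = message.stream
    if stream.invite_only and not stream.history_public_to_subscribers:
        return user.subscribed_at <= message.sent_at
    return True


def edit_event_recipients_flawed(message: Message, subscribers: List[Subscriber]) -> Set[int]:
    """Flawed selection: the edit event, which carries the new content,
    is sent to every current subscriber, leaking protected history."""
    return {s.user_id for s in subscribers}


def edit_event_recipients(message: Message, subscribers: List[Subscriber]) -> Set[int]:
    """Corrected selection: only subscribers who could read the original
    message receive the event with its edited content."""
    return {s.user_id for s in subscribers if can_access_message(s, message)}


def demo() -> dict:
    """Constructed scenario: one long-standing member, one late joiner,
    and a message sent before the late joiner subscribed."""
    stream = Stream("secret-project", invite_only=True, history_public_to_subscribers=False)
    old_member = Subscriber(user_id=1, subscribed_at=1_000)
    late_joiner = Subscriber(user_id=2, subscribed_at=5_000)
    subscribers = [old_member, late_joiner]
    message = Message(message_id=42, stream=stream, sent_at=2_000, content="budget figures")
    return {
        "flawed": edit_event_recipients_flawed(message, subscribers),
        "fixed": edit_event_recipients(message, subscribers),
    }


if __name__ == "__main__":
    print(demo())
```

The point of the corrected function is that the event fan-out reuses the read-access predicate rather than the subscriber list; any event that embeds message content (edits, reactions that quote the message, history fetches) needs the same filter.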

CVE-2022-24751 – Race condition in Zulip
https://notcve.org/view.php?id=CVE-2022-24751
16 Mar 2022 — Zulip is an open source group chat application. Starting with version 4.0 and prior to version 4.11, Zulip is vulnerable to a race condition during account deactivation, where a simultaneous access by the user being deactivated may, in rare cases, allow continued access by the deactivated user. A patch is available in version 4.11 on the 4.x branch and version 5.0-rc1 on the 5.x branch. Upgrading to a fixed version will, as a side effect, deactivate any cached sessions that may have been leaked through this... • https://github.com/zulip/zulip/commit/62ba8e455d8f460001d9fb486a6dabfd1ed67717 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •

CVE-2022-23656 – Cross-site scripting vulnerability in Zulip Server
https://notcve.org/view.php?id=CVE-2022-23656
02 Mar 2022 — Zulip is an open source team chat app. The `main` development branch of Zulip Server from June 2021 and later is vulnerable to a cross-site scripting vulnerability on the recent topics page. An attacker could maliciously craft a full name for their account and send messages to a topic with several participants; a victim who then opens an overflow tooltip including this full name on the recent topics page could trigger execution of JavaScript code controlled by the attacker. Users running a Zulip server from... • https://github.com/zulip/zulip/commit/e090027adcbf62737d5b1f83a9618a9500a49321 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2021-3967 – Improper Access Control in zulip/zulip
https://notcve.org/view.php?id=CVE-2021-3967
26 Feb 2022 — Improper Access Control in GitHub repository zulip/zulip prior to 4.10. • https://github.com/zulip/zulip/commit/d5db254ca8167995a1654d1c45ffc74b2fade39a • CWE-284: Improper Access Control •

CVE-2022-21706 – Multi-use invitations can grant access to other organizations in Zulip
https://notcve.org/view.php?id=CVE-2022-21706
25 Feb 2022 — Zulip is an open-source team collaboration tool with topic-based threading. Zulip Server versions 2.0.0 and above are vulnerable to insufficient access control with multi-use invitations. A Zulip Server deployment which hosts multiple organizations is vulnerable to an attack where an invitation created in one organization (potentially as a role with elevated permissions) can be used to join any other organization. This bypasses any restrictions on required domains on users' email addresses, may be used to ga... • https://blog.zulip.com/2022/02/25/zulip-cloud-invitation-vulnerability • CWE-284: Improper Access Control CWE-863: Incorrect Authorization •

CVE-2021-43799 – RabbitMQ exposes ports with weak default secrets in Zulip Server
https://notcve.org/view.php?id=CVE-2021-43799
25 Jan 2022 — Zulip is an open-source team collaboration tool. Zulip Server installs RabbitMQ for internal message passing. In versions of Zulip Server prior to 4.9, the initial installation (until first reboot, or restart of RabbitMQ) does not successfully limit the default ports which RabbitMQ opens; this includes port 25672, the RabbitMQ distribution port, which is used as a management port. RabbitMQ's default "cookie" which protects this port is generated using a weak PRNG, which limits the entropy of the password to... • https://github.com/scopion/CVE-2021-43799 • CWE-338: Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) •

CVE-2021-3866 – Cross-site Scripting (XSS) - Stored in zulip/zulip
https://notcve.org/view.php?id=CVE-2021-3866
20 Jan 2022 — Cross-site Scripting (XSS) - Stored in GitHub repository zulip/zulip, affecting commits from 44f935695d452cc3fb16845a0c6af710438b153d (inclusive) up to but not including 3eb2791c3e9695f7d37ffe84e0c2184fae665cb6. • https://blog.zulip.com/2022/01/19/cve-2021-3866 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2021-43791 – Ineffective expiration validation for invitation links in Zulip
https://notcve.org/view.php?id=CVE-2021-43791
02 Dec 2021 — Zulip is an open source group chat application that combines real-time chat with threaded conversations. In affected versions, expiration dates on the confirmation objects associated with email invitations were not enforced properly in the new account registration flow. A confirmation link takes a user to the check_prereg_key_and_redirect endpoint, before getting redirected to POST to /accounts/register/. The problem was that validation was happening in the check_prereg_key_and_redirect part and not in /acco... • https://github.com/zulip/zulip/commit/a014ef75a3a0ed7f24ebb157632ba58751e732c6 • CWE-613: Insufficient Session Expiration •
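The two invitation flaws on this page, the expiry that was checked only on the redirect step (CVE-2021-43791 above) and the multi-use invitation honoured by an organization other than the one that issued it (CVE-2022-21706 above), share one lesson: every check belongs at the endpoint that actually creates the account. The following is an added example, not Zulip's code; Invitation, Confirmation, register, RegistrationError, the in-memory CONFIRMATIONS store and the timestamps are constructed for the example, and the two-step flow only mirrors the endpoint names the advisory mentions.

```python
"""Validation of e-mail invitation confirmation keys at registration time.
Illustrative model of the two-step flow, not Zulip's implementation."""
from dataclasses import dataclass
from typing import Dict


class RegistrationError(Exception):
    pass


@dataclass(frozen=True)
class Invitation:
    realm_id: int    # organization the invitation was created in
    invited_as: str  # role granted on acceptance, e.g. "member" or "administrator"
    multiuse: bool


@dataclass(frozen=True)
class Confirmation:
    key: str
    invitation: Invitation
    expires_at: int  # constructed timestamp, seconds


# Constructed in-memory store of confirmation keys (stands in for the database).
CONFIRMATIONS: Dict[str, Confirmation] = {}


def issue(key: str, invitation: Invitation, expires_at: int) -> Confirmation:
    conf = Confirmation(key, invitation, expires_at)
    CONFIRMATIONS[key] = conf
    return conf


def check_prereg_key_and_redirect(key: str, now: int) -> str:
    """Step 1, the link in the e-mail: validate the key and redirect to the
    registration form. Anything checked only here can be bypassed by a
    client that holds on to the key and POSTs later."""
    conf = CONFIRMATIONS.get(key)
    if conf is None or now > conf.expires_at:
        raise RegistrationError("invalid or expired confirmation link")
    return f"/accounts/register/?key={key}"


def register_flawed(key: str, target_realm_id: int, now: int) -> str:
    """Step 2 as modelled before the fixes: the POST trusts the key, does not
    re-check expiry, and never compares the invitation's organization with
    the one being joined (target_realm_id is deliberately unused)."""
    conf = CONFIRMATIONS.get(key)
    if conf is None:
        raise RegistrationError("unknown confirmation key")
    return conf.invitation.invited_as


def register(key: str, target_realm_id: int, now: int) -> str:
    """Step 2 with both checks enforced where the account is created:
    expiry is re-validated and the invitation must belong to the
    organization being joined. Single-use keys are consumed."""
    conf = CONFIRMATIONS.get(key)
    if conf is None:
        raise RegistrationError("unknown confirmation key")
    if now > conf.expires_at:
        raise RegistrationError("confirmation key has expired")
    if conf.invitation.realm_id != target_realm_id:
        raise RegistrationError("invitation was issued for a different organization")
    if not conf.invitation.multiuse:
        del CONFIRMATIONS[key]
    return conf.invitation.invited_as


def demo() -> dict:
    """Constructed scenario: a multi-use administrator invitation for realm 1."""
    CONFIRMATIONS.clear()
    issue("k-admin", Invitation(realm_id=1, invited_as="administrator", multiuse=True), expires_at=1_000)
    results = {}
    # Attack 1: open the link before expiry, keep the key, POST after expiry.
    check_prereg_key_and_redirect("k-admin", now=900)
    results["expired_flawed"] = register_flawed("k-admin", target_realm_id=1, now=2_000)
    try:
        results["expired_fixed"] = register("k-admin", target_realm_id=1, now=2_000)
    except RegistrationError as exc:
        results["expired_fixed"] = str(exc)
    # Attack 2: present realm 1's invitation while joining realm 2.
    results["cross_realm_flawed"] = register_flawed("k-admin", target_realm_id=2, now=900)
    try:
        results["cross_realm_fixed"] = register("k-admin", target_realm_id=2, now=900)
    except RegistrationError as exc:
        results["cross_realm_fixed"] = str(exc)
    # Legitimate use: right organization, before expiry.
    results["legit"] = register("k-admin", target_realm_id=1, now=900)
    return results


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name}: {outcome}")
```

In both attacks the flawed POST hands out the administrator role; the corrected one refuses, and still accepts the legitimate registration. The redirect-step check is kept for user experience only and carries no security weight.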

CVE-2021-41115 – Regular expression denial-of-service in Zulip
https://notcve.org/view.php?id=CVE-2021-41115
07 Oct 2021 — Zulip is an open source team chat server. In affected versions Zulip allows organization administrators on a server to configure "linkifiers" that automatically create links from messages that users send, detected via arbitrary regular expressions. Malicious organization administrators could subject the server to a denial-of-service via regular expression complexity attacks; most simply, by configuring a quadratic-time regular expression in a linkifier, and sending messages that exploited it. A regular expr... • https://github.com/zulip/zulip/commit/e2d303c1bb5f538d17dc3d9134bc8858bdece781 • CWE-400: Uncontrolled Resource Consumption CWE-1333: Inefficient Regular Expression Complexity •
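An admission check of the kind a server operator would want for administrator-supplied linkifier regexes, as an added example that is not Zulip's code and does not describe Zulip's fix: before a pattern is saved, it is run against constructed adversarial probe strings in a child interpreter with a hard timeout, and a pattern that cannot finish is rejected. The names validate_linkifier_pattern and ADVERSARIAL_PROBES, the probe shapes and the one-second budget are choices made for this example. A guaranteed-linear-time engine such as RE2 removes the problem at the root; this check is a guard for backtracking engines like Python's re, whose matching cannot be interrupted from a thread.

```python
"""Admission check for organization-configured linkifier regexes.
Illustrative guard against regular expression complexity attacks."""
import re
import subprocess
import sys
from typing import Iterable, Tuple

# Constructed probe inputs: long runs of one character with a non-matching
# tail, the shape that makes nested or ambiguous quantifiers backtrack.
ADVERSARIAL_PROBES: Tuple[str, ...] = tuple(
    ch * 3000 + tail for ch in ("a", "0", " ", "-") for tail in ("!", "")
)

# Minimal child program: one search, so a runaway pattern can be killed.
_CHILD = r"""
import re, sys
re.search(sys.argv[1], sys.argv[2])
"""


def _search_with_timeout(pattern: str, text: str, timeout_s: float) -> bool:
    """Run one re.search in a child process; False if it exceeded timeout_s."""
    try:
        subprocess.run(
            [sys.executable, "-c", _CHILD, pattern, text],
            timeout=timeout_s, check=True,
            stdout=subprocess.DEVNULL, stderr=subprocess.DEVNULL,
        )
        return True
    except subprocess.TimeoutExpired:
        return False


def validate_linkifier_pattern(
    pattern: str,
    probes: Iterable[str] = ADVERSARIAL_PROBES,
    timeout_s: float = 1.0,
) -> Tuple[bool, str]:
    """Return (accepted, reason). Patterns that do not compile, or that
    exceed the time budget on any probe, are rejected before being saved."""
    try:
        re.compile(pattern)
    except re.error as exc:
        return False, f"invalid regex: {exc}"
    for probe in probes:
        if not _search_with_timeout(pattern, probe, timeout_s):
            return False, f"pattern exceeded {timeout_s}s on a {len(probe)}-char probe"
    return True, "ok"


def demo() -> dict:
    """Constructed candidates: a typical issue-number linkifier, and one
    whose nested quantifier backtracks exponentially on the probes."""
    return {
        "issue_linkifier": validate_linkifier_pattern(r"#(?P<id>[0-9]+)"),
        "nested_quantifier": validate_linkifier_pattern(r"(?P<words>(\w+\s?)+)$"),
    }


if __name__ == "__main__":
    for name, (accepted, reason) in demo().items():
        print(f"{name}: {'accepted' if accepted else 'rejected'} ({reason})")
```

The probe set is deliberately crude; it catches the common nested-quantifier and overlapping-alternation shapes but is not a proof of linear behaviour, so the timeout should also be applied, or a linear-time engine used, when messages are actually processed.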