In Zulip Server versions from 1.7.0 to before 2.0.7, a bug in the new user signup process meant that users who registered their account using social authentication (e.g., GitHub or Google SSO) in an organization that also allows password authentication could have their personal API key stolen by an unprivileged attacker, allowing nearly full access to the user's account.
oryginał ENCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HZulip Server
APPZulip1.7.0 – 2.0.7 (bez)
Powiązane podatności
Zulip is an open-source team collaboration tool. Zulip supports a configuration where account creation is limi...
Zulip from 8.0 to 8.3 contains a memory leak vulnerability in the handling of popovers.
Zulip is an open-source team collaboration tool with unique topic-based threading that combines the best of em...
Zulip is an open-source team collaboration tool with topic-based threading. Zulip Server version 2.0.0 and abo...
Zulip Server 2.x before 2.1.7 allows eval injection if a privileged attacker were able to write directly to th...