LOWπŸ‡΅πŸ‡± Wersja polska

CVE-2025-30368

CVSS 2.7v3.1pub. 2025-03-31upd. 2025-08-27

Zulip is an open-source team collaboration tool. The API for deleting an organization export is supposed to be restricted to organization administrators, but its handler failed to check that the field belongs to the same organization as the user. Therefore, an administrator of any organization was incorrectly allowed to delete an export of a different organization. This is fixed in Zulip Server 10.1.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N
  • Zulip

    APP
    Zulip
    10.0
πŸ”΅
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2022-35962HIGH8.0ten sam produkt

Zulip is an open source team chat and Zulip Mobile is an app for iOS and Andriod users. In Zulip Mobile throug...

CVE-2016-4427HIGH7.5ten sam produkt

In zulip before 1.3.12, deactivated users could access messages if SSO was enabled.

CVE-2021-3967HIGH8.8ten sam produkt

Improper Access Control in GitHub repository zulip/zulip prior to 4.10.

CVE-2021-43799HIGH8.6ten sam produkt

Zulip is an open-source team collaboration tool. Zulip Server installs RabbitMQ for internal message passing. ...

CVE-2026-25742MEDIUM5.3ten sam produkt

Zulip is an open-source team collaboration tool. Prior to version 11.6, Zulip is an open-source team collabora...

CVE-2025-30368 β€” Zulip β€” LOW β€” CVSS 2.7 | CVEbaza.pl