Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
zulip zulip server vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2022-21706
Zulip is an open-source team collaboration tool with topic-based threading. Zulip Server version 2.0.0 and above are vulnerable to insufficient access control with multi-use invitations. A Zulip Server deployment which hosts multiple organizations is vulnerable to an attack where...
Zulip Zulip Server
9.8
CVSSv3
CVE-2021-43799
Zulip is an open-source team collaboration tool. Zulip Server installs RabbitMQ for internal message passing. In versions of Zulip Server before 4.9, the initial installation (until first reboot, or restart of RabbitMQ) does not successfully limit the default ports which RabbitMQ...
Zulip Zulip
9.8
CVSSv3
CVE-2019-18933
In Zulip Server versions from 1.7.0 to prior to 2.0.7, a bug in the new user signup process meant that users who registered their account using social authentication (e.g., GitHub or Google SSO) in an organization that also allows password authentication could have their personal...
Zulip Zulip Server
8.8
CVSSv3
CVE-2022-31168
Zulip is an open source team chat tool. Due to an incorrect authorization check in Zulip Server 5.4 and previous versions, a member of an organization could craft an API call that grants organization administrator privileges to one of their bots. The vulnerability is fixed in Zul...
Zulip Zulip
8.8
CVSSv3
CVE-2020-15070
Zulip Server 2.x prior to 2.1.7 allows eval injection if a privileged attacker were able to write directly to the postgres database, and chose to write a crafted custom profile field value.
Zulip Zulip Server
8.8
CVSSv3
CVE-2017-0910
In Zulip Server prior to 1.7.1, on a server with multiple realms, a vulnerability in the invitation system lets an authorized user of one realm on the server create a user account on any other realm.
Zulip Zulip Server
7.5
CVSSv3
CVE-2020-14215
Zulip Server prior to 2.1.5 has Incorrect Access Control because 0198_preregistrationuser_invited_as adds the administrator role to invitations.
Zulip Zulip Server
6.5
CVSSv3
CVE-2023-32678
Zulip is an open-source team collaboration tool with topic-based threading that combines email and chat. Users who used to be subscribed to a private stream and have been removed from it since retain the ability to edit messages/topics, move messages to other streams, and delete ...
Zulip Zulip Server
6.5
CVSSv3
CVE-2021-41115
Zulip is an open source team chat server. In affected versions Zulip allows organization administrators on a server to configure "linkifiers" that automatically create links from messages that users send, detected via arbitrary regular expressions. Malicious organizatio...
Zulip Zulip
6.5
CVSSv3
CVE-2019-16215
The Markdown parser in Zulip server prior to 2.0.5 used a regular expression vulnerable to exponential backtracking. A user who is logged into the server could send a crafted message causing the server to spend an effectively arbitrary amount of CPU time and stall the processing ...
Zulip Zulip Server
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-40673
CVE-2024-36674
CVE-2024-27348
unspecified
CVE-2024-24919
CVE-2024-4870
malicious code
CVE-2024-2019
hard-coded
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
NEXT »