Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
zulip zulip vulnerabilities and exploits
(subscribe to this query)
5
CVSSv2
CVE-2021-30479
An issue exists in Zulip Server prior to 3.4. A bug in the implementation of the all_public_streams API feature resulted in guest users being able to receive message traffic to public streams that should have been only accessible to members of the organization.
Zulip Zulip Server
4.3
CVSSv2
CVE-2018-9986
In Zulip Server versions prior to 1.7.2, there were XSS issues with the frontend markdown processor.
Zulip Zulip Server
4.3
CVSSv2
CVE-2018-9990
In Zulip Server versions prior to 1.7.2, there was an XSS issue with stream names in topic typeahead.
Zulip Zulip Server
3.5
CVSSv2
CVE-2018-9999
In Zulip Server versions prior to 1.7.2, there was an XSS issue with user uploads and the (default) LOCAL_UPLOADS_DIR storage backend.
Zulip Zulip Server
1 Github repository
4
CVSSv2
CVE-2021-30487
In the topic moving API in Zulip Server 3.x prior to 3.4, organization administrators were able to move messages to streams in other organizations hosted by the same Zulip installation.
Zulip Zulip Server
4
CVSSv2
CVE-2019-16215
The Markdown parser in Zulip server prior to 2.0.5 used a regular expression vulnerable to exponential backtracking. A user who is logged into the server could send a crafted message causing the server to spend an effectively arbitrary amount of CPU time and stall the processing ...
Zulip Zulip Server
3.5
CVSSv2
CVE-2019-16216
Zulip server prior to 2.0.5 incompletely validated the MIME types of uploaded files. A user who is logged into the server could upload files of certain types to mount a stored cross-site scripting attack on other logged-in users. On a Zulip server using the default local uploads ...
Zulip Zulip Server
NA
CVE-2022-41914
Zulip is an open-source team collaboration tool. For organizations with System for Cross-domain Identity Management(SCIM) account management enabled, Zulip Server 5.0 up to and including 5.6 checked the SCIM bearer token using a comparator that did not run in constant time. There...
Zulip Zulip Server
5.8
CVSSv2
CVE-2020-9444
Zulip Server prior to 2.1.3 allows reverse tabnabbing via the Markdown functionality.
Zulip Zulip Server
4.3
CVSSv2
CVE-2020-9445
Zulip Server prior to 2.1.3 allows XSS via the modal_link feature in the Markdown functionality.
Zulip Zulip Server
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
privilege escalation
CVE-2024-20696
CVE-2024-29829
CVE-2024-33999
CVE-2024-35646
physical
CVE-2024-24919
CVE-2024-31030
local users
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
NEXT »