Vulmon
zulip vulnerabilities and exploits
9.8
CVSSv3
CVE-2019-18933
In Zulip Server versions from 1.7.0 to prior to 2.0.7, a bug in the new user signup process meant that users who registered their account using social authentication (e.g., GitHub or Google SSO) in an organization that also allows password authentication could have their personal...
Zulip Zulip Server
4.3
CVSSv3
CVE-2024-21630
Zulip is an open-source team collaboration tool. A vulnerability in version 8.0 is similar to CVE-2023-32677, but applies to multi-use invitations, not single-use invitation links as in the prior CVE. Specifically, it applies when the installation has configured non-admins to be ...
Zulip Zulip Server
6.1
CVSSv3
CVE-2019-19775
The image thumbnailing handler in Zulip Server versions 1.9.0 to prior to 2.0.8 allowed an open redirect that was visible to logged-in users.
Zulip Zulip Server
2 Github repositories
4.9
CVSSv3
CVE-2022-31134
Zulip is an open-source team collaboration tool. Zulip Server versions 2.1.0 above have a user interface tool, accessible only to server owners and server administrators, which provides a way to download a "public data" export. While this export is only accessible to ad...
Zulip Zulip Server
4.3
CVSSv3
CVE-2017-0881
An error in the implementation of an autosubscribe feature in the check_stream_exists route of the Zulip group chat application server prior to 1.4.3 allowed an authenticated user to subscribe to a private stream that should have required an invitation from an existing member to ...
Zulip Zulip Server
6.1
CVSSv3
CVE-2018-9987
In Zulip Server versions 1.5.x, 1.6.x, and 1.7.x prior to 1.7.2, there was an XSS issue with muting notifications.
Zulip Zulip Server
6.1
CVSSv3
CVE-2020-12759
Zulip Server prior to 2.1.5 allows reflected XSS via the Dropbox webhook.
Zulip Zulip Server
8.8
CVSSv3
CVE-2017-0910
In Zulip Server prior to 1.7.1, on a server with multiple realms, a vulnerability in the invitation system lets an authorized user of one realm on the server create a user account on any other realm.
Zulip Zulip Server
5.4
CVSSv3
CVE-2022-23656
Zulip is an open source team chat app. The `main` development branch of Zulip Server from June 2021 and later is vulnerable to a cross-site scripting vulnerability on the recent topics page. An attacker could maliciously craft a full name for their account and send messages to a ...
Zulip Zulip Server
3.7
CVSSv3
CVE-2022-41914
Zulip is an open-source team collaboration tool. For organizations with System for Cross-domain Identity Management (SCIM) account management enabled, Zulip Server 5.0 up to and including 5.6 checked the SCIM bearer token using a comparator that did not run in constant time. There...
Zulip Zulip Server