Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
zulip vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2016-4426
In zulip prior to 1.3.12, bot API keys were accessible to other users in the same realm.
Zulip Zulip
5
CVSSv2
CVE-2021-43791
Zulip is an open source group chat application that combines real-time chat with threaded conversations. In affected versions expiration dates on the confirmation objects associated with email invitations were not enforced properly in the new account registration flow. A confirma...
Zulip Zulip
5
CVSSv2
CVE-2021-43799
Zulip is an open-source team collaboration tool. Zulip Server installs RabbitMQ for internal message passing. In versions of Zulip Server before 4.9, the initial installation (until first reboot, or restart of RabbitMQ) does not successfully limit the default ports which RabbitMQ...
Zulip Zulip
5.8
CVSSv2
CVE-2022-24751
Zulip is an open source group chat application. Starting with version 4.0 and prior to version 4.11, Zulip is vulnerable to a race condition during account deactivation, where a simultaneous access by the user being deactivated may, in rare cases, allow continued access by the de...
Zulip Zulip
3.5
CVSSv2
CVE-2021-3866
Cross-site Scripting (XSS) - Stored in GitHub repository zulip/zulip more than and including 44f935695d452cc3fb16845a0c6af710438b153d and before 3eb2791c3e9695f7d37ffe84e0c2184fae665cb6.
Zulip Zulip
NA
CVE-2023-47642
Zulip is an open-source team collaboration tool. It exists by the Zulip development team that active users who had previously been subscribed to a stream incorrectly continued being able to use the Zulip API to access metadata for that stream. As a result, users who had been remo...
Zulip Zulip Server
4
CVSSv2
CVE-2021-30478
An issue exists in Zulip Server prior to 3.4. A bug in the implementation of the can_forge_sender permission (previously is_api_super_user) resulted in users with this permission being able to send messages appearing as if sent by a system bot, including to other organizations ho...
Zulip Zulip Server
7.5
CVSSv2
CVE-2022-21706
Zulip is an open-source team collaboration tool with topic-based threading. Zulip Server version 2.0.0 and above are vulnerable to insufficient access control with multi-use invitations. A Zulip Server deployment which hosts multiple organizations is vulnerable to an attack where...
Zulip Zulip Server
NA
CVE-2022-41914
Zulip is an open-source team collaboration tool. For organizations with System for Cross-domain Identity Management(SCIM) account management enabled, Zulip Server 5.0 up to and including 5.6 checked the SCIM bearer token using a comparator that did not run in constant time. There...
Zulip Zulip Server
NA
CVE-2024-21630
Zulip is an open-source team collaboration tool. A vulnerability in version 8.0 is similar to CVE-2023-32677, but applies to multi-use invitations, not single-use invitation links as in the prior CVE. Specifically, it applies when the installation has configured non-admins to be ...
Zulip Zulip Server
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27977
IMAP
local users
CVE-2024-32038
CVE-2023-49963
CVE-2023-22869
CVE-2024-31497
local
CVE-2024-2961
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
NEXT »