Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
zulip vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-47642
Zulip is an open-source team collaboration tool. It exists by the Zulip development team that active users who had previously been subscribed to a stream incorrectly continued being able to use the Zulip API to access metadata for that stream. As a result, users who had been remo...
Zulip Zulip Server
4
CVSSv2
CVE-2017-0881
An error in the implementation of an autosubscribe feature in the check_stream_exists route of the Zulip group chat application server prior to 1.4.3 allowed an authenticated user to subscribe to a private stream that should have required an invitation from an existing member to ...
Zulip Zulip Server
6.5
CVSSv2
CVE-2020-15070
Zulip Server 2.x prior to 2.1.7 allows eval injection if a privileged attacker were able to write directly to the postgres database, and chose to write a crafted custom profile field value.
Zulip Zulip Server
4
CVSSv2
CVE-2017-0910
In Zulip Server prior to 1.7.1, on a server with multiple realms, a vulnerability in the invitation system lets an authorized user of one realm on the server create a user account on any other realm.
Zulip Zulip Server
NA
CVE-2022-41914
Zulip is an open-source team collaboration tool. For organizations with System for Cross-domain Identity Management(SCIM) account management enabled, Zulip Server 5.0 up to and including 5.6 checked the SCIM bearer token using a comparator that did not run in constant time. There...
Zulip Zulip Server
NA
CVE-2023-33186
Zulip is an open-source team collaboration tool with unique topic-based threading that combines the best of email and chat to make remote work productive and delightful. The main development branch of Zulip Server from May 2, 2023 and later, including beta versions 7.0-beta1 and ...
Zulip Zulip Server 7.0
NA
CVE-2023-22735
Zulip is an open-source team collaboration tool. In versions of zulip prior to commit `2f6c5a8` but after commit `04cf68b` users could upload files with arbitrary `Content-Type` which would be served from the Zulip hostname with `Content-Disposition: inline` and no `Content-Secur...
Zulip Zulip Server 2023-01-09
2.1
CVSSv2
CVE-2019-10476
Jenkins Zulip Plugin 1.1.0 and previous versions stored credentials unencrypted in its global configuration file on the Jenkins master where they could be viewed by users with access to the master file system.
Jenkins Zulip
4.3
CVSSv2
CVE-2020-9443
Zulip Desktop prior to 4.0.3 loaded untrusted content in an Electron webview with web security disabled, which can be exploited for XSS in a number of ways. This especially affects Zulip Desktop 2.3.82.
Zulipchat Zulip Desktop
4.3
CVSSv2
CVE-2020-24582
Zulip Desktop prior to 5.4.3 allows XSS because string escaping is mishandled during composition of the HTML for the user interface.
Zulipchat Zulip Desktop
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27322
administrator privileges
CVE-2024-1579
hardcoded
CVE-2023-20198
CVE-2024-33587
CVE-2024-33449
CVE-2024-4308
HTML injection
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
NEXT »