Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
zulip vulnerabilities and exploits
(subscribe to this query)
8.8
CVSSv3
CVE-2022-31168
Zulip is an open source team chat tool. Due to an incorrect authorization check in Zulip Server 5.4 and previous versions, a member of an organization could craft an API call that grants organization administrator privileges to one of their bots. The vulnerability is fixed in Zul...
Zulip Zulip
5.3
CVSSv3
CVE-2021-43791
Zulip is an open source group chat application that combines real-time chat with threaded conversations. In affected versions expiration dates on the confirmation objects associated with email invitations were not enforced properly in the new account registration flow. A confirma...
Zulip Zulip
8.8
CVSSv3
CVE-2021-3967
Improper Access Control in GitHub repository zulip/zulip before 4.10.
Zulip Zulip
5.7
CVSSv3
CVE-2022-35962
Zulip is an open source team chat and Zulip Mobile is an app for iOS and Andriod users. In Zulip Mobile through version 27.189, a crafted link in a message sent by an authenticated user could lead to credential disclosure if a user follows the link. A patch was released in versio...
Zulip Zulip
3.7
CVSSv3
CVE-2023-28623
Zulip is an open-source team collaboration tool with unique topic-based threading. In the event that 1: `ZulipLDAPAuthBackend` and an external authentication backend (any aside of `ZulipLDAPAuthBackend` and `EmailAuthBackend`) are the only ones enabled in `AUTHENTICATION_BACKENDS...
Zulip Zulip
6.1
CVSSv3
CVE-2020-12759
Zulip Server prior to 2.1.5 allows reflected XSS via the Dropbox webhook.
Zulip Zulip Server
6.5
CVSSv3
CVE-2019-16215
The Markdown parser in Zulip server prior to 2.0.5 used a regular expression vulnerable to exponential backtracking. A user who is logged into the server could send a crafted message causing the server to spend an effectively arbitrary amount of CPU time and stall the processing ...
Zulip Zulip Server
5.4
CVSSv3
CVE-2019-16216
Zulip server prior to 2.0.5 incompletely validated the MIME types of uploaded files. A user who is logged into the server could upload files of certain types to mount a stored cross-site scripting attack on other logged-in users. On a Zulip server using the default local uploads ...
Zulip Zulip Server
5.4
CVSSv3
CVE-2020-10935
Zulip Server prior to 2.1.3 allows XSS via a Markdown link, with resultant account takeover.
Zulip Zulip Server
9.8
CVSSv3
CVE-2022-21706
Zulip is an open-source team collaboration tool with topic-based threading. Zulip Server version 2.0.0 and above are vulnerable to insufficient access control with multi-use invitations. A Zulip Server deployment which hosts multiple organizations is vulnerable to an attack where...
Zulip Zulip Server
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-34377
CVE-2024-20859
CVE-2023-49606
inject
arbitrary
CVE-2024-33788
CVE-2024-30973
IDOR
CVE-2024-33907
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
NEXT »