An issue exists in Zulip Server prior to 3.4. A bug in the implementation of the all_public_streams API feature resulted in guest users being able to receive message traffic to public streams that should have been only accessible to members of the organization.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
zulip zulip server |