CVE-2017-0896
02.06.2017, 17:29
Zulip Server 1.5.1 and below suffer from an error in the implementation of the invite_by_admins_only setting in the Zulip group chat application server that allowed an authenticated user to invite other users to join a Zulip organization even if the organization was configured to prevent this.Enginsight
| Vendor | Product | Version |
|---|---|---|
| zulip | zulip_server | 1.3.0 |
| zulip | zulip_server | 1.3.1 |
| zulip | zulip_server | 1.3.2 |
| zulip | zulip_server | 1.3.3 |
| zulip | zulip_server | 1.3.4 |
| zulip | zulip_server | 1.3.6 |
| zulip | zulip_server | 1.3.7 |
| zulip | zulip_server | 1.3.8 |
| zulip | zulip_server | 1.3.9 |
| zulip | zulip_server | 1.3.10 |
| zulip | zulip_server | 1.3.11 |
| zulip | zulip_server | 1.3.12 |
| zulip | zulip_server | 1.3.13 |
| zulip | zulip_server | 1.4.0 |
| zulip | zulip_server | 1.4.1 |
| zulip | zulip_server | 1.4.2 |
| zulip | zulip_server | 1.4.3 |
| zulip | zulip_server | 1.5.0 |
| zulip | zulip_server | 1.5.1 |
𝑥
= Vulnerable software versions
Common Weakness Enumeration
- CWE-285 - Improper AuthorizationThe software does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.
- CWE-862 - Missing AuthorizationThe software does not perform an authorization check when an actor attempts to access a resource or perform an action.
References