Zulip: Security Vulnerabilities
An issue was discovered in Zulip Server before 3.4. A bug in the implementation of the all_public_streams API feature resulted in guest users being able to receive message traffic to public streams that should have been only accessible to members of the organization.
CVSS Score
5.3
EPSS Score
0.009
Published
2021-04-15
In the topic moving API in Zulip Server 3.x before 3.4, organization administrators were able to move messages to streams in other organizations hosted by the same Zulip installation.
CVSS Score
2.7
EPSS Score
0.007
Published
2021-04-15
Zulip Desktop before 5.0.0 improperly uses shell.openExternal and shell.openItem with untrusted content, leading to remote code execution.
CVSS Score
9.8
EPSS Score
0.03
Published
2021-02-05
Zulip Desktop before 5.0.0 allows attackers to perform recording via the webcam and microphone due to a missing permission request handler.
CVSS Score
5.3
EPSS Score
0.011
Published
2021-02-05
Zulip Server before 2.1.5 allows reflected XSS via the Dropbox webhook.
CVSS Score
6.1
EPSS Score
0.007
Published
2020-08-21
Zulip Server before 2.1.5 allows reverse tabnapping via a topic header link.
CVSS Score
5.4
EPSS Score
0.007
Published
2020-08-21
Zulip Server before 2.1.5 has Incorrect Access Control because 0198_preregistrationuser_invited_as adds the administrator role to invitations.
CVSS Score
7.5
EPSS Score
0.009
Published
2020-08-21
Zulip Server 2.x before 2.1.7 allows eval injection if a privileged attacker were able to write directly to the postgres database, and chose to write a crafted custom profile field value.
CVSS Score
8.8
EPSS Score
0.012
Published
2020-08-21
Zulip Server before 2.1.3 allows XSS via a Markdown link, with resultant account takeover.
CVSS Score
5.4
EPSS Score
0.007
Published
2020-04-20
Zulip Server before 2.1.3 allows reverse tabnabbing via the Markdown functionality.
CVSS Score
6.1
EPSS Score
0.007
Published
2020-04-20