← back
CVE-2017-0896

CVE-2017-0896

EPSS 1.3%CWE-285
Zulip Server 1.5.1 and below suffer from an error in the implementation of the invite_by_admins_only setting in the Zulip group chat application server that allowed an authenticated user to invite other users to join a Zulip organization even if the organization was configured to prevent this.
Affected products
Zulip · Zulip Server

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://github.com/zulip/zulip/commit/1f48fa27672170bba3b9a97384905bb04c18761bhttps://groups.google.com/forum/#%21msg/zulip-announce/sUYeJv-fFmg/2TU2TLmNAwAJhttps://hackerone.com/reports/224210