← back
CVE-2021-30479

CVE-2021-30479

EPSS 0.9%
An issue was discovered in Zulip Server before 3.4. A bug in the implementation of the all_public_streams API feature resulted in guest users being able to receive message traffic to public streams that should have been only accessible to members of the organization.
Affected products
n/a · n/a

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://blog.zulip.com/2021/04/14/zulip-server-3-4/