← voltar
CVE-2017-0896

CVE-2017-0896

EPSS 1.3%CWE-285
Zulip Server 1.5.1 and below suffer from an error in the implementation of the invite_by_admins_only setting in the Zulip group chat application server that allowed an authenticated user to invite other users to join a Zulip organization even if the organization was configured to prevent this.
Produtos afetados
Zulip · Zulip Server

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://github.com/zulip/zulip/commit/1f48fa27672170bba3b9a97384905bb04c18761bhttps://groups.google.com/forum/#%21msg/zulip-announce/sUYeJv-fFmg/2TU2TLmNAwAJhttps://hackerone.com/reports/224210