Vulnerabilities

CVE-2017-0896

by Fred · 02/06/2017

Zulip Server 1.5.1 and below suffer from an error in the implementation of the invite_by_admins_only setting in the Zulip group chat application server that allowed an authenticated user to invite other users to join a Zulip organization even if the organization was configured to prevent this.

Date published : 2017-06-02

https://github.com/zulip/zulip/commit/1f48fa27672170bba3b9a97384905bb04c18761b

https://hackerone.com/reports/224210

Similar

Tags: Cybersecurity Alert