Invitation System Flaw in Zulip Server by Zulip
CVE-2017-0910

8.8HIGH

Key Information:

Vendor: Zulip
Status: Zulip Server
Vendor: CVE Published:; 27 November 2017

What is CVE-2017-0910?

An authorization issue in the invitation system of Zulip Server allows users from one realm to create accounts in other realms, potentially compromising data and user privacy. This flaw affects installations prior to version 1.7.1, making it critical for administrators to promptly update to the latest release to secure all realms against potential unauthorized access.

Affected Version(s)

Zulip Server before 1.7.1

References

https://github.com/zulip/zulip/commit/960d736e55cbb9386a6...

x_refsource_CONFIRM

http://blog.zulip.org/2017/11/23/zulip-1-7-1-released/

x_refsource_CONFIRM

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Nov 27, 2017
Vulnerability Reserved
Nov 30, 2016

JSON