Access Control Flaw in Zulip Server by Zulip
CVE-2020-14215

7.5 HIGH

Key Information:

Vendor: Zulip
CVE Published: 21 August 2020

What is CVE-2020-14215?

Zulip Server before version 2.1.5 contains an incorrect access control flaw in its user invitation handling: invitations could be assigned the organization administrator role without the inviter intending it, so a user who accepted such an invitation joined with administrator privileges rather than as an ordinary member. Because the invitee needs no existing privileges and no further interaction to end up as an administrator, the CVSS vector scores the integrity impact as High. Upgrade to version 2.1.5 or later; after upgrading, it is also worth reviewing any invitations that were still pending from the affected version and revoking those that should not grant administrator rights.
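The following Python example, added here and not taken from Zulip's code base, illustrates the class of flaw described above: an invitation record carries a role that is granted on acceptance, so any code path that sets that role implicitly (here, a hypothetical legacy-flag conversion that ignores the flag and falls back to ADMIN) silently creates administrator invitations. Beside it sits the hardened form, where the role defaults to MEMBER and ADMIN is only accepted from an inviter who holds it, plus the audit a server operator would run over pending invitations after upgrading. Role values, field names and the sample rows are assumptions constructed for the demonstration.

```python
"""Invitation-role handling illustrating the CVE-2020-14215 flaw class.

Added example, not Zulip's code: Role values, field names and sample rows are
assumptions constructed for the demonstration.
"""
from dataclasses import dataclass
from enum import IntEnum
from typing import Dict, Iterable, List


class Role(IntEnum):
    MEMBER = 1
    ADMIN = 2


@dataclass(frozen=True)
class Invitation:
    email: str
    inviter: str
    inviter_is_admin: bool
    invited_as: Role
    accepted: bool = False


def create_invitation(email: str, inviter: str, inviter_is_admin: bool,
                      invited_as: Role = Role.MEMBER) -> Invitation:
    """Create an invitation whose role is explicit and authorized.

    The safe default is MEMBER, and ADMIN is accepted only from an inviter who
    holds that role, so no code path can hand out admin implicitly.
    """
    role = Role(invited_as)
    if role is Role.ADMIN and not inviter_is_admin:
        raise PermissionError(f"{inviter} is not allowed to invite {email} as admin")
    return Invitation(email, inviter, inviter_is_admin, role)


def convert_legacy_rows(rows: Iterable[Dict]) -> List[Invitation]:
    """Correct conversion: map a legacy boolean admin flag to the role enum row by row."""
    return [
        Invitation(
            email=r["email"],
            inviter=r["inviter"],
            inviter_is_admin=r["inviter_is_admin"],
            invited_as=Role.ADMIN if r["invited_as_admin"] else Role.MEMBER,
            accepted=r.get("accepted", False),
        )
        for r in rows
    ]


def convert_legacy_rows_broken(rows: Iterable[Dict]) -> List[Invitation]:
    """Hypothetical broken conversion (an assumption, not Zulip's actual bug):
    the new role column is filled from a single ADMIN default and the legacy
    flag is never consulted, so every converted invitation grants admin."""
    return [
        Invitation(r["email"], r["inviter"], r["inviter_is_admin"],
                   Role.ADMIN, r.get("accepted", False))
        for r in rows
    ]


def audit_admin_invitations(invites: Iterable[Invitation]) -> List[Invitation]:
    """Return pending invitations that would grant ADMIN when accepted.

    After upgrading past an affected version, run this over pending invitations
    and revoke any hit that was not meant to create an administrator.
    """
    return [i for i in invites if not i.accepted and i.invited_as is Role.ADMIN]


# Constructed sample rows (not real data): one member invite, one intended
# admin invite, one already-accepted member invite.
LEGACY_ROWS = [
    {"email": "alice@example.com", "inviter": "owner@example.com",
     "inviter_is_admin": True, "invited_as_admin": False},
    {"email": "bob@example.com", "inviter": "owner@example.com",
     "inviter_is_admin": True, "invited_as_admin": True},
    {"email": "carol@example.com", "inviter": "dave@example.com",
     "inviter_is_admin": False, "invited_as_admin": False, "accepted": True},
]


def unexpected_admin_emails() -> List[str]:
    """Emails the broken conversion would elevate that the correct one would not."""
    intended = {i.email for i in audit_admin_invitations(convert_legacy_rows(LEGACY_ROWS))}
    actual = [i.email for i in audit_admin_invitations(convert_legacy_rows_broken(LEGACY_ROWS))]
    return [e for e in actual if e not in intended]


if __name__ == "__main__":
    print("correct conversion grants admin to:",
          [i.email for i in audit_admin_invitations(convert_legacy_rows(LEGACY_ROWS))])
    print("unexpected admin grants after broken conversion:", unexpected_admin_emails())
```

The point of the pairing is that the role on an invitation is an authorization decision, so it must come from an explicit, checked input at creation time and must survive any later schema change untouched; the audit function is the check to run whenever there is doubt about invitations that were created before a fix landed.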

CVSS V3.1

Score: 7.5
Severity: HIGH
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: High
Availability: None

Timeline

  • Vulnerability published: 21 August 2020

  • Vulnerability reserved
