Unrated severityNVD Advisory· Published Apr 14, 2021· Updated Aug 3, 2024
CVE-2021-30478
CVE-2021-30478
Description
An issue was discovered in Zulip Server before 3.4. A bug in the implementation of the can_forge_sender permission (previously is_api_super_user) resulted in users with this permission being able to send messages appearing as if sent by a system bot, including to other organizations hosted by the same Zulip installation.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Zulip/Zulip Serverdescription
- Range: <3.4
Patches
Vulnerability mechanics
References
1- blog.zulip.com/2021/04/14/zulip-server-3-4/mitrex_refsource_MISC
News mentions
0No linked articles in our index yet.