VYPR

Zulip

by Zulip

CVEs (51)

  • CVE-2024-36624 (Nov 29, 2024)
    risk 0.00 | cvss | epss 0.00

    Zulip 8.3 is vulnerable to Cross Site Scripting (XSS) via the construct_copy_div function in copy_and_paste.js.

  • CVE-2024-36612 (Nov 29, 2024)
    risk 0.00 | cvss | epss 0.01

    Zulip from 8.0 to 8.3 contains a memory leak vulnerability in the handling of popovers.

  • CVE-2024-27286 (Mar 20, 2024)
    risk 0.00 | cvss | epss 0.01

    Zulip is an open-source team collaboration tool. When a user moves a Zulip message, they have the option to move all messages in the topic, move only subsequent messages as well, or move just a single message. If the user chose to just move one message, and was moving it from a…

  • CVE-2024-21630 (Jan 25, 2024)
    risk 0.00 | cvss | epss 0.00

    Zulip is an open-source team collaboration tool. A vulnerability in version 8.0 is similar to CVE-2023-32677, but applies to multi-use invitations, not single-use invitation links as in the prior CVE. Specifically, it applies when the installation has configured non-admins to be…

  • CVE-2023-47642 (Nov 16, 2023)
    risk 0.00 | cvss | epss 0.00

    Zulip is an open-source team collaboration tool. It was discovered by the Zulip development team that active users who had previously been subscribed to a stream incorrectly continued being able to use the Zulip API to access metadata for that stream. As a result, users who had…

  • CVE-2023-32678 (Aug 25, 2023)
    risk 0.00 | cvss | epss 0.00

    Zulip is an open-source team collaboration tool with topic-based threading that combines email and chat. Users who used to be subscribed to a private stream and have been removed from it since retain the ability to edit messages/topics, move messages to other streams, and delete…

  • CVE-2023-33186 (May 30, 2023)
    risk 0.00 | cvss | epss 0.01

    Zulip is an open-source team collaboration tool with unique topic-based threading that combines the best of email and chat to make remote work productive and delightful. The main development branch of Zulip Server from May 2, 2023 and later, including beta versions 7.0-beta1 and…

  • CVE-2023-28623 (May 19, 2023)
    risk 0.00 | cvss | epss 0.01

    Zulip is an open-source team collaboration tool with unique topic-based threading. In the event that 1: `ZulipLDAPAuthBackend` and an external authentication backend (any aside from `ZulipLDAPAuthBackend` and `EmailAuthBackend`) are the only ones enabled in…

  • CVE-2023-32677 (May 19, 2023)
    risk 0.00 | cvss | epss 0.01

    Zulip is an open-source team collaboration tool with unique topic-based threading. Zulip administrators can configure Zulip to limit who can add users to streams, and separately to limit who can invite users to the organization. In Zulip Server 6.1 and below, the UI which allows…

  • CVE-2023-22735 (Feb 7, 2023)
    risk 0.00 | cvss | epss 0.01

    Zulip is an open-source team collaboration tool. In versions of zulip prior to commit `2f6c5a8` but after commit `04cf68b` users could upload files with arbitrary `Content-Type` which would be served from the Zulip hostname with `Content-Disposition: inline` and no…

  • CVE-2022-41914 (Nov 16, 2022)
    risk 0.00 | cvss | epss 0.01

    Zulip is an open-source team collaboration tool. For organizations with System for Cross-domain Identity Management (SCIM) account management enabled, Zulip Server 5.0 through 5.6 checked the SCIM bearer token using a comparator that did not run in constant time. Therefore, it…

  • CVE-2022-36048 (Aug 31, 2022)
    risk 0.00 | cvss | epss 0.00

    Zulip is an open-source team collaboration tool with topic-based threading that combines email and chat. When displaying messages with embedded remote images, Zulip normally loads the image preview via a go-camo proxy server. However, an attacker who can send messages could…

  • CVE-2022-35962 (Aug 29, 2022)
    risk 0.00 | cvss | epss 0.01

    Zulip is an open source team chat and Zulip Mobile is an app for iOS and Android users. In Zulip Mobile through version 27.189, a crafted link in a message sent by an authenticated user could lead to credential disclosure if a user follows the link. A patch was released in…

  • CVE-2016-4427 (Jul 28, 2022)
    risk 0.00 | cvss | epss 0.01

    In zulip before 1.3.12, deactivated users could access messages if SSO was enabled.

  • CVE-2016-4426 (Jul 28, 2022)
    risk 0.00 | cvss | epss 0.00

    In zulip before 1.3.12, bot API keys were accessible to other users in the same realm.

  • CVE-2022-31168 (Jul 22, 2022)
    risk 0.00 | cvss | epss 0.01

    Zulip is an open source team chat tool. Due to an incorrect authorization check in Zulip Server 5.4 and earlier, a member of an organization could craft an API call that grants organization administrator privileges to one of their bots. The vulnerability is fixed in Zulip Server…

  • CVE-2022-31134 (Jul 12, 2022)
    risk 0.00 | cvss | epss 0.01

    Zulip is an open-source team collaboration tool. Zulip Server versions 2.1.0 and above have a user interface tool, accessible only to server owners and server administrators, which provides a way to download a "public data" export. While this export is only accessible to…

  • CVE-2022-31017 (Jun 25, 2022)
    risk 0.00 | cvss | epss 0.01

    Zulip is an open-source team collaboration tool. Versions 2.1.0 through and including 5.2 are vulnerable to a logic error. A stream configured as private with protected history, where new subscribers should not be allowed to see messages sent before they were subscribed, when…

  • CVE-2022-24751 (Mar 16, 2022)
    risk 0.00 | cvss | epss 0.01

    Zulip is an open source group chat application. Starting with version 4.0 and prior to version 4.11, Zulip is vulnerable to a race condition during account deactivation, where a simultaneous access by the user being deactivated may, in rare cases, allow continued access by the…

  • CVE-2022-23656 (Mar 2, 2022)
    risk 0.00 | cvss | epss 0.01

    Zulip is an open source team chat app. The `main` development branch of Zulip Server from June 2021 and later is vulnerable to a cross-site scripting vulnerability on the recent topics page. An attacker could maliciously craft a full name for their account and send messages to a…