VYPR

Zulip

by Zulip

CVEs (51)

  • CVE-2021-3967 (Feb 26, 2022)
    risk 0.00 | cvss | epss 0.01

    Improper Access Control in GitHub repository zulip/zulip prior to 4.10.

  • CVE-2022-21706 (Feb 25, 2022)
    risk 0.00 | cvss | epss 0.01

    Zulip is an open-source team collaboration tool with topic-based threading. Zulip Server versions 2.0.0 and above are vulnerable to insufficient access control with multi-use invitations. A Zulip Server deployment which hosts multiple organizations is vulnerable to an attack…

  • CVE-2021-43799 (Jan 25, 2022)
    risk 0.00 | cvss | epss 0.05

    Zulip is an open-source team collaboration tool. Zulip Server installs RabbitMQ for internal message passing. In versions of Zulip Server prior to 4.9, the initial installation (until first reboot, or restart of RabbitMQ) does not successfully limit the default ports which…

  • CVE-2021-3866 (Jan 20, 2022)
    risk 0.00 | cvss | epss 0.01

    Stored Cross-site Scripting (XSS) in GitHub repository zulip/zulip, from 44f935695d452cc3fb16845a0c6af710438b153d (inclusive) and prior to 3eb2791c3e9695f7d37ffe84e0c2184fae665cb6.

  • CVE-2021-43791 (Dec 2, 2021)
    risk 0.00 | cvss | epss 0.01

    Zulip is an open source group chat application that combines real-time chat with threaded conversations. In affected versions expiration dates on the confirmation objects associated with email invitations were not enforced properly in the new account registration flow. A…

  • CVE-2021-41115 (Oct 7, 2021)
    risk 0.00 | cvss | epss 0.02

    Zulip is an open source team chat server. In affected versions Zulip allows organization administrators on a server to configure "linkifiers" that automatically create links from messages that users send, detected via arbitrary regular expressions. Malicious organization…

  • CVE-2020-10857 (Feb 5, 2021)
    risk 0.00 | cvss | epss 0.03

    Zulip Desktop before 5.0.0 improperly uses shell.openExternal and shell.openItem with untrusted content, leading to remote code execution.

  • CVE-2020-10858 (Feb 5, 2021)
    risk 0.00 | cvss | epss 0.01

    Zulip Desktop before 5.0.0 allows attackers to perform recording via the webcam and microphone due to a missing permission request handler.

  • CVE-2020-24582 (Sep 10, 2020)
    risk 0.00 | cvss | epss 0.01

    Zulip Desktop before 5.4.3 allows XSS because string escaping is mishandled during composition of the HTML for the user interface.

  • CVE-2020-12637 (May 9, 2020)
    risk 0.00 | cvss | epss 0.01

    Zulip Desktop before 5.2.0 has Missing SSL Certificate Validation because all validation was inadvertently disabled during an attempt to recognize the ignoreCerts option.

  • CVE-2020-9443 (Mar 18, 2020)
    risk 0.00 | cvss | epss 0.01

    Zulip Desktop before 4.0.3 loaded untrusted content in an Electron webview with web security disabled, which can be exploited for XSS in a number of ways. This especially affects Zulip Desktop 2.3.82.
