QwikSec

Security Database

CVE

CWE

Training

CVE-2017-0881

Published: Mar 28, 2017

Modified: Aug 5, 2024

PUBLISHED

Description

An error in the implementation of an autosubscribe feature in the check_stream_exists route of the Zulip group chat application server before 1.4.3 allowed an authenticated user to subscribe to a private stream that should have required an invitation from an existing member to join. The issue affects all previously released versions of the Zulip server.

Vendor	Product	Versions
n/a	Zulip Server Versions 1.4.2 and below	affected `Zulip Server Versions 1.4.2 and below`

Weaknesses (CWE)

References

vdb-entry

x_refsource_BID

https://groups.google.com/d/msg/zulip-announce/VyawgRuoY34/NTBwnTArGwAJ

x_refsource_MISC

https://github.com/zulip/zulip/commit/7ecda1ac8e26d8fb3725e954b2dc4723dda2255f

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.