Vulnerabilities > CVE-2021-30487 - Unspecified vulnerability in Zulip Server 3.0/3.1

CVSS 4.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

SINGLE

Confidentiality impact

NONE

Integrity impact

PARTIAL

Availability impact

NONE

network

low complexity

zulip

NVD

Published: 2021-04-15

Updated: 2022-07-12

Summary

In the topic moving API in Zulip Server 3.x before 3.4, organization administrators were able to move messages to streams in other organizations hosted by the same Zulip installation.

Vulnerable Configurations

Part	Description	Count
Application	Zulip Zulip Zulip Server 3.0 Zulip Zulip Server 3.1	4

References

https://blog.zulip.com/2021/04/14/zulip-server-3-4/