Vulnerabilities > Zulip > High

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | ATTACK VECTOR | COMPLEXITY | VENDOR | CWE | RISK |
|---|---|---|---|---|---|---|---|---|
| 2022-07-28 | CVE-2016-4427 | Unspecified vulnerability in Zulip | In zulip before 1.3.12, deactivated users could access messages if SSO was enabled. | network | low complexity | zulip | | 7.5 |
| 2022-07-22 | CVE-2022-31168 | Incorrect Authorization vulnerability in Zulip | Zulip is an open source team chat tool. | network | low complexity | zulip | CWE-863 | 8.8 |
| 2022-03-16 | CVE-2022-24751 | Race Condition vulnerability in Zulip | Zulip is an open source group chat application. | network | high complexity | zulip | CWE-362 | 7.4 |
| 2022-02-26 | CVE-2021-3967 | Unspecified vulnerability in Zulip | Improper Access Control in GitHub repository zulip/zulip prior to 4.10. | network | low complexity | zulip | | 8.8 |
| 2020-08-21 | CVE-2020-15070 | Code Injection vulnerability in Zulip Server | Zulip Server 2.x before 2.1.7 allows eval injection if a privileged attacker were able to write directly to the postgres database, and chose to write a crafted custom profile field value. | network | low complexity | zulip | CWE-94 | 8.8 |
| 2020-08-21 | CVE-2020-14215 | Improper Privilege Management vulnerability in Zulip Server | Zulip Server before 2.1.5 has Incorrect Access Control because 0198_preregistrationuser_invited_as adds the administrator role to invitations. | network | low complexity | zulip | CWE-269 | 7.5 |
| 2017-11-27 | CVE-2017-0910 | Improper Authentication vulnerability in Zulip Server | In Zulip Server before 1.7.1, on a server with multiple realms, a vulnerability in the invitation system lets an authorized user of one realm on the server create a user account on any other realm. | network | low complexity | zulip | CWE-287 | 8.8 |