Vulnerabilities > Zulip > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-07-28 | CVE-2016-4427 | Unspecified vulnerability in Zulip. In Zulip before 1.3.12, deactivated users could access messages if SSO was enabled. | 7.5 |
2022-07-22 | CVE-2022-31168 | Incorrect Authorization vulnerability in Zulip. Zulip is an open source team chat tool. | 8.8 |
2022-03-16 | CVE-2022-24751 | Race Condition vulnerability in Zulip. Zulip is an open source group chat application. | 7.4 |
2022-02-26 | CVE-2021-3967 | Unspecified vulnerability in Zulip. Improper Access Control in GitHub repository zulip/zulip prior to 4.10. | 8.8 |
2020-08-21 | CVE-2020-15070 | Code Injection vulnerability in Zulip Server. Zulip Server 2.x before 2.1.7 allows eval injection if a privileged attacker were able to write directly to the postgres database, and chose to write a crafted custom profile field value. | 8.8 |
2020-08-21 | CVE-2020-14215 | Improper Privilege Management vulnerability in Zulip Server. Zulip Server before 2.1.5 has Incorrect Access Control because 0198_preregistrationuser_invited_as adds the administrator role to invitations. | 7.5 |
2017-11-27 | CVE-2017-0910 | Improper Authentication vulnerability in Zulip Server. In Zulip Server before 1.7.1, on a server with multiple realms, a vulnerability in the invitation system lets an authorized user of one realm on the server create a user account on any other realm. | 8.8 |