Vulnerabilities > Zulip > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-07-22 | CVE-2022-31168 | Incorrect Authorization vulnerability in Zulip Zulip is an open source team chat tool. | 8.8 |
2021-02-05 | CVE-2020-10857 | Unspecified vulnerability in Zulip Desktop Zulip Desktop before 5.0.0 improperly uses shell.openExternal and shell.openItem with untrusted content, leading to remote code execution. | 7.5 |
2019-11-21 | CVE-2019-18933 | Unspecified vulnerability in Zulip Server In Zulip Server versions from 1.7.0 to before 2.0.7, a bug in the new user signup process meant that users who registered their account using social authentication (e.g., GitHub or Google SSO) in an organization that also allows password authentication could have their personal API key stolen by an unprivileged attacker, allowing nearly full access to the user's account. | 7.5 |