Improper Authentication in Zulip Server - CVE-2019-18933
Published: November 22, 2019 / Updated: July 17, 2020
Vulnerability identifier: #VU30586
CSH Severity: High
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
CVE-ID: CVE-2019-18933
CWE-ID: CWE-287
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: Zulip
Affected software:
Zulip Server
Zulip Server
Detailed vulnerability description
The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.
In Zulip Server versions from 1.7.0 to before 2.0.7, a bug in the new user signup process meant that users who registered their account using social authentication (e.g., GitHub or Google SSO) in an organization that also allows password authentication could have their personal API key stolen by an unprivileged attacker, allowing nearly full access to the user's account.
How to mitigate CVE-2019-18933
Install update from vendor's website.