Main Vulnerability Database Vulnerabilities #VU87651

#VU87651 Improper access control in Zulip Server - CVE-2024-27286

Published: March 20, 2024

Vulnerability identifier: #VU87651

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2024-27286

CWE-ID: CWE-284

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
Zulip Server

Software vendor:
Zulip

Description

The vulnerability allows a remote user to gain unauthorized access to otherwise restricted functionality.

The vulnerability exists due to an error in the moving messages feature when moving messages between stream or unsubscribing users from a stream. A remote user who previously had access to a stream can continue reading messages.

Remediation

Install updates from vendor's website.

External links

https://github.com/zulip/zulip/security/advisories/GHSA-478x-rfqr-w4jf

#VU87651 Improper access control in Zulip Server - CVE-2024-27286

Description

Remediation

External links

Please verify you're human