#VU72011 Arbitrary file upload in Zulip Server - CVE-2023-22735

Cybersecurity Help s.r.o.

Published: 2023-02-07

Vulnerability identifier: #VU72011

Vulnerability risk: Medium

CVSSv4.0: 1.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N/E:U/U:Green]

CVE-ID: CVE-2023-22735

CWE-ID: CWE-434

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
Zulip Server
Web applications / Other software

Vendor: Zulip

Description

The vulnerability allows a remote user to perform XSS attacks.

The vulnerability exists due to application allows to upload files with arbitrary Content-Type. Such file will be served from the Zulip hostname with Content-Disposition: inline and no Content-Security-Policy header. A remote user can upload a malicious file and execute arbitrary Javascript in the victim's browser in security context of the website.

Mitigation

Install updates from vendor's website.

The vulnerability affects the main branch between 2023-01-09 and 2023-02-07.

Vulnerable software versions

Zulip Server: 6.1

External links
https://github.com/zulip/zulip/security/advisories/GHSA-wm83-3764-5wqh

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Dangerous file upload in Zulip Server