#VU76393 Improper authorization in Zulip Server - CVE-2023-28623

Published: May 20, 2023

Vulnerability identifier: #VU76393
Vulnerability risk: Medium
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2023-28623
CWE-ID: CWE-285
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vulnerable software:
Zulip Server
Software vendor:
Zulip

Description

The vulnerability allows a remote attacker to bypass authorization checks.

The vulnerability exists due to an error in the account registration flow. A remote attacker can register a new account in the organization using an arbitrary email address under their control that is not present in the organization's LDAP directory.

Successful exploitation of the vulnerability requires that ZulipLDAPAuthBackend and at least one external authentication backend (any backend other than ZulipLDAPAuthBackend and EmailAuthBackend) are the only backends enabled in AUTHENTICATION_BACKENDS in /etc/zulip/settings.py, and that the organization's permissions do not require an invitation to join.
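The preconditions above are a pure configuration check, so an administrator can triage exposure before patching. The script below is an added example written for this page; it is not code from Zulip or from the advisory. It parses a constructed excerpt of /etc/zulip/settings.py with Python's ast module, extracts AUTHENTICATION_BACKENDS, and reports whether the backend set matches the vulnerable shape (LDAP enabled, EmailAuthBackend disabled, some other backend enabled). The organization-level invitation setting is passed in as a boolean (named invite_required here, the Realm field name in Zulip, but treated as an assumption), and GitHubAuthBackend is used only as a representative external backend.

```python
import ast
from typing import Iterable, List

# Dotted paths as they appear in a Zulip settings.py AUTHENTICATION_BACKENDS tuple.
LDAP_BACKEND = "zproject.backends.ZulipLDAPAuthBackend"
EMAIL_BACKEND = "zproject.backends.EmailAuthBackend"

# Constructed settings.py excerpts for demonstration; not taken from any real deployment.
SETTINGS_VULNERABLE = '''
# LDAP plus an external (GitHub) backend, EmailAuthBackend commented out
AUTHENTICATION_BACKENDS = (
    "zproject.backends.ZulipLDAPAuthBackend",
    "zproject.backends.GitHubAuthBackend",
    # "zproject.backends.EmailAuthBackend",
)
'''

SETTINGS_EMAIL_ENABLED = '''
AUTHENTICATION_BACKENDS = (
    "zproject.backends.EmailAuthBackend",
    "zproject.backends.ZulipLDAPAuthBackend",
    "zproject.backends.GitHubAuthBackend",
)
'''

SETTINGS_LDAP_ONLY = '''
AUTHENTICATION_BACKENDS = ("zproject.backends.ZulipLDAPAuthBackend",)
'''


def extract_backends(settings_source: str) -> List[str]:
    """Return the string entries of the last top-level AUTHENTICATION_BACKENDS
    assignment in a settings.py source text (tuple or list literal)."""
    tree = ast.parse(settings_source)
    backends: List[str] = []
    for node in tree.body:
        if not isinstance(node, ast.Assign):
            continue
        for target in node.targets:
            if isinstance(target, ast.Name) and target.id == "AUTHENTICATION_BACKENDS":
                if isinstance(node.value, (ast.Tuple, ast.List)):
                    # Later assignments override earlier ones, as Django would see them.
                    backends = [
                        elt.value
                        for elt in node.value.elts
                        if isinstance(elt, ast.Constant) and isinstance(elt.value, str)
                    ]
    return backends


def has_vulnerable_backend_mix(backends: Iterable[str]) -> bool:
    """True when the backend set matches the advisory's precondition:
    LDAP enabled, EmailAuthBackend not enabled, and at least one other backend enabled."""
    enabled = set(backends)
    if LDAP_BACKEND not in enabled or EMAIL_BACKEND in enabled:
        return False
    return any(b not in (LDAP_BACKEND, EMAIL_BACKEND) for b in enabled)


def is_exposed(settings_source: str, invite_required: bool) -> bool:
    """Combine the server-wide backend check with the organization's
    invitation requirement (invite_required is assumed to mirror the
    organization permission 'Invitations are required to join')."""
    if invite_required:
        return False
    return has_vulnerable_backend_mix(extract_backends(settings_source))


if __name__ == "__main__":
    for label, src in [
        ("ldap+github, open org", SETTINGS_VULNERABLE),
        ("ldap+email+github", SETTINGS_EMAIL_ENABLED),
        ("ldap only", SETTINGS_LDAP_ONLY),
    ]:
        print(f"{label}: exposed={is_exposed(src, invite_required=False)}")
```

Run against a real settings.py by reading the file into a string; the check only inspects the literal assignment and never imports the settings module, so it is safe to run on a copied file off-box. A positive result means the organization should either enable EmailAuthBackend, require invitations, or apply the vendor update.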


Remediation

Install updates from the vendor's website.

External links