Zulip
CVE-2021-43791
MEDIUM
Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Lifecycle Timeline
1DescriptionNVD
Zulip is an open source group chat application that combines real-time chat with threaded conversations. In affected versions expiration dates on the confirmation objects associated with email invitations were not enforced properly in the new account registration flow. A confirmation link takes a user to the check_prereg_key_and_redirect endpoint, before getting redirected to POST to /accounts/register/. The problem was that validation was happening in the check_prereg_key_and_redirect part and not in /accounts/register/ - meaning that one could submit an expired confirmation key and be able to register. The issue is fixed in Zulip 4.8. There are no known workarounds and users are advised to upgrade as soon as possible.
AnalysisAI
Zulip is an open source group chat application that combines real-time chat with threaded conversations. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
Technical ContextAI
This vulnerability is classified under CWE-613. Zulip is an open source group chat application that combines real-time chat with threaded conversations. In affected versions expiration dates on the confirmation objects associated with email invitations were not enforced properly in the new account registration flow. A confirmation link takes a user to the check_prereg_key_and_redirect endpoint, before getting redirected to POST to /accounts/register/. The problem was that validation was happening in the check_prereg_key_and_redirect part and not in /accounts/register/ - meaning that one could submit an expired confirmation key and be able to register. The issue is fixed in Zulip 4.8. There are no known workarounds and users are advised to upgrade as soon as possible. Affected products include: Zulip.
RemediationAI
A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
Zulip is an open source team chat server. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable,
Zulip is an open source team chat tool. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low
Jenkins Zulip Plugin 1.1.0 and earlier stored credentials unencrypted in its global configuration file on the Jenkins ma
Zulip is an open source group chat application. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitab
Path traversal in Zulip's ./manage.py import function allows local attackers to read arbitrary files from the server fil
Zulip is an open-source team collaboration tool. Prior to 12.0, With message_edit_history_visibility_policy set to "move
Zulip is an open source team chat and Zulip Mobile is an app for iOS and Andriod users. Rated medium severity (CVSS 5.7)
Zulip 8.3 is vulnerable to Cross Site Scripting (XSS) via the construct_copy_div function in copy_and_paste.js. Rated me
Zulip 8.3 is vulnerable to Cross Site Scripting (XSS) via the replace_emoji_with_text function in ui_util.ts. Rated medi
Zulip versions 1.4.0 through 11.5 allow unauthenticated retrieval of attachments and topic history from web-public strea
Zulip is an open-source team collaboration tool with topic-based threading that combines email and chat. Rated medium se
Zulip is an open-source team collaboration tool with unique topic-based threading. Rated low severity (CVSS 3.7), this v
Same weakness CWE-613 – Insufficient Session Expiration
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today