Zulip
CVE-2022-31168
HIGH
Severity by source
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionNVD
Zulip is an open source team chat tool. Due to an incorrect authorization check in Zulip Server 5.4 and earlier, a member of an organization could craft an API call that grants organization administrator privileges to one of their bots. The vulnerability is fixed in Zulip Server 5.5. Members who don’t own any bots, and lack permission to create them, can’t exploit the vulnerability. As a workaround for the vulnerability, an organization administrator can restrict the Who can create bots permission to administrators only, and change the ownership of existing bots.
AnalysisAI
Zulip is an open source team chat tool. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.
Technical ContextAI
This vulnerability is classified under CWE-285. Zulip is an open source team chat tool. Due to an incorrect authorization check in Zulip Server 5.4 and earlier, a member of an organization could craft an API call that grants organization administrator privileges to one of their bots. The vulnerability is fixed in Zulip Server 5.5. Members who don’t own any bots, and lack permission to create them, can’t exploit the vulnerability. As a workaround for the vulnerability, an organization administrator can restrict the Who can create bots permission to administrators only, and change the ownership of existing bots. Affected products include: Zulip.
RemediationAI
A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
Zulip is an open source team chat server. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable,
Jenkins Zulip Plugin 1.1.0 and earlier stored credentials unencrypted in its global configuration file on the Jenkins ma
Zulip is an open source group chat application. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitab
Path traversal in Zulip's ./manage.py import function allows local attackers to read arbitrary files from the server fil
Zulip is an open-source team collaboration tool. Prior to 12.0, With message_edit_history_visibility_policy set to "move
Zulip is an open source team chat and Zulip Mobile is an app for iOS and Andriod users. Rated medium severity (CVSS 5.7)
Zulip 8.3 is vulnerable to Cross Site Scripting (XSS) via the construct_copy_div function in copy_and_paste.js. Rated me
Zulip 8.3 is vulnerable to Cross Site Scripting (XSS) via the replace_emoji_with_text function in ui_util.ts. Rated medi
Zulip versions 1.4.0 through 11.5 allow unauthenticated retrieval of attachments and topic history from web-public strea
Zulip is an open source group chat application that combines real-time chat with threaded conversations. Rated medium se
Zulip is an open-source team collaboration tool with topic-based threading that combines email and chat. Rated medium se
Zulip is an open-source team collaboration tool with unique topic-based threading. Rated low severity (CVSS 3.7), this v
Same weakness CWE-285 – Improper Authorization
View allSame technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today