Zulip
Monthly
{id}/history still returns historical content values, allowing low-privilege users to recover text that was edited away from other users' messages. This vulnerability is fixed in 12.0.
Path traversal in Zulip's ./manage.py import function allows local attackers to read arbitrary files from the server filesystem and copy them into the uploads directory via a crafted export tarball containing specially crafted paths in uploads/records.json. Zulip versions 1.4.0 through 11.5 are affected; the vulnerability requires local access and user interaction (import initiation) but can expose sensitive server data readable by the Zulip application user. No active exploitation has been confirmed; a vendor-released patch is available in version 11.6.
Zulip versions 1.4.0 through 11.5 allow unauthenticated retrieval of attachments and topic history from web-public streams even after spectator access is disabled, due to incomplete access control on attachment serving and the /users/me/<stream_id>/topics endpoint. An attacker can bypass intended access restrictions to read file contents and stream metadata after public access is supposed to be revoked. The vulnerability affects all Zulip deployments that previously enabled spectator access and then disabled it. Vendor-released patch: version 11.6.
Zulip is an open-source team chat application. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.
Zulip is an open-source team collaboration tool. Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity.
Zulip 8.3 is vulnerable to Cross Site Scripting (XSS) via the construct_copy_div function in copy_and_paste.js. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.
Zulip 8.3 is vulnerable to Cross Site Scripting (XSS) via the replace_emoji_with_text function in ui_util.ts. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.
Zulip is an open-source team collaboration tool with unique topic-based threading. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required.
Zulip is an open-source team collaboration tool with unique topic-based threading. Rated low severity (CVSS 3.1), this vulnerability is remotely exploitable. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.
Zulip is an open-source team collaboration tool with topic-based threading that combines email and chat. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Zulip is an open source team chat and Zulip Mobile is an app for iOS and Andriod users. Rated medium severity (CVSS 5.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Zulip is an open source team chat tool. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.
Zulip is an open-source team collaboration tool. Rated low severity (CVSS 2.6), this vulnerability is remotely exploitable. No vendor patch available.
Zulip is an open source group chat application. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required.
Zulip is an open source group chat application that combines real-time chat with threaded conversations. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
Zulip is an open source team chat server. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.
Jenkins Zulip Plugin 1.1.0 and earlier stored credentials unencrypted in its global configuration file on the Jenkins master where they could be viewed by users with access to the master file system. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
{id}/history still returns historical content values, allowing low-privilege users to recover text that was edited away from other users' messages. This vulnerability is fixed in 12.0.
Path traversal in Zulip's ./manage.py import function allows local attackers to read arbitrary files from the server filesystem and copy them into the uploads directory via a crafted export tarball containing specially crafted paths in uploads/records.json. Zulip versions 1.4.0 through 11.5 are affected; the vulnerability requires local access and user interaction (import initiation) but can expose sensitive server data readable by the Zulip application user. No active exploitation has been confirmed; a vendor-released patch is available in version 11.6.
Zulip versions 1.4.0 through 11.5 allow unauthenticated retrieval of attachments and topic history from web-public streams even after spectator access is disabled, due to incomplete access control on attachment serving and the /users/me/<stream_id>/topics endpoint. An attacker can bypass intended access restrictions to read file contents and stream metadata after public access is supposed to be revoked. The vulnerability affects all Zulip deployments that previously enabled spectator access and then disabled it. Vendor-released patch: version 11.6.
Zulip is an open-source team chat application. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.
Zulip is an open-source team collaboration tool. Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity.
Zulip 8.3 is vulnerable to Cross Site Scripting (XSS) via the construct_copy_div function in copy_and_paste.js. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.
Zulip 8.3 is vulnerable to Cross Site Scripting (XSS) via the replace_emoji_with_text function in ui_util.ts. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.
Zulip is an open-source team collaboration tool with unique topic-based threading. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required.
Zulip is an open-source team collaboration tool with unique topic-based threading. Rated low severity (CVSS 3.1), this vulnerability is remotely exploitable. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.
Zulip is an open-source team collaboration tool with topic-based threading that combines email and chat. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Zulip is an open source team chat and Zulip Mobile is an app for iOS and Andriod users. Rated medium severity (CVSS 5.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Zulip is an open source team chat tool. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.
Zulip is an open-source team collaboration tool. Rated low severity (CVSS 2.6), this vulnerability is remotely exploitable. No vendor patch available.
Zulip is an open source group chat application. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required.
Zulip is an open source group chat application that combines real-time chat with threaded conversations. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
Zulip is an open source team chat server. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.
Jenkins Zulip Plugin 1.1.0 and earlier stored credentials unencrypted in its global configuration file on the Jenkins master where they could be viewed by users with access to the master file system. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.