CVE-2017-0881

Summary

An error in the implementation of an autosubscribe feature in the check_stream_exists route of the Zulip group chat application server before 1.4.3 allowed an authenticated user to subscribe to a private stream that should have required an invitation from an existing member to join. The issue affects all previously released versions of the Zulip server.

Affected Software

VendorProductVersion RangeStatus
n/aZulip Server Versions 1.4.2 and belowZulip Server Versions 1.4.2 and belowaffected

Weaknesses

  • CWE-200: Information Exposure (CWE-200)

ADP Enrichment

CVE Program Container

Additional References

References