CVE-2017-0896

Summary

Zulip Server 1.5.1 and below suffer from an error in the implementation of the invite_by_admins_only setting in the Zulip group chat application server that allowed an authenticated user to invite other users to join a Zulip organization even if the organization was configured to prevent this.

Affected Software

VendorProductVersion RangeStatus
ZulipZulip Server1.5.1 and belowaffected

Weaknesses

  • CWE-285: Improper Authorization (CWE-285)

ADP Enrichment

CVE Program Container

Additional References

References