What the vulnerability does

01Description

In zulip before 1.3.12, deactivated users could access messages if SSO was enabled.

Key dates

02Disclosure timeline

July 28, 2022 CVE published
August 6, 2024 Record updated