CVE-2017-0881 - AskarLabs CVE Database

CVE-2017-0881

Vendor N/A

Product Zulip Server Versions 1.4.2 and below

Weakness CWE-200 · Info exposure

Published March 28, 2017

Last update August 5, 2024

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

An error in the implementation of an autosubscribe feature in the check_stream_exists route of the Zulip group chat application server before 1.4.3 allowed an authenticated user to subscribe to a private stream that should have required an invitation from an existing member to join. The issue affects all previously released versions of the Zulip server.

Key dates

02Disclosure timeline

March 28, 2017 CVE published

August 5, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2017-0881 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/200.html

Related vulnerabilities

04Related CVE

CVE-2023-45834 WordPress Libsyn Publisher Hub Plugin <= 1.4.4 is vulnerable to Sensitive Data Exposure CVE-2021-21534 CVE-2023-26054 Credentials inlined to Git URLs could end up in provenance attestation in BuildKit CVE-2022-0577 Exposure of Sensitive Information to an Unauthorized Actor in scrapy/scrapy CVE-2026-32266 Google Cloud Storage for Craft CMS has an Information Disclosure Vulnerability