CVE-2017-0896 - AskarLabs CVE Database

CVE-2017-0896

Vendor Zulip

Product Zulip Server

Weakness CWE-285

Published June 2, 2017

Last update August 5, 2024

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

Zulip Server 1.5.1 and below suffer from an error in the implementation of the invite_by_admins_only setting in the Zulip group chat application server that allowed an authenticated user to invite other users to join a Zulip organization even if the organization was configured to prevent this.

Key dates

02Disclosure timeline

June 2, 2017 CVE published

August 5, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2017-0896

Related vulnerabilities

04Related CVE

CVE-2018-1116 CVE-2023-22938 Permissions Validation Failure in the ‘sendemail’ REST API Endpoint in Splunk Enterprise CVE-2021-42000 Ping Identity PingFederate Password Reset and Password Change Mishandling with an authentication policy in parallel reset flows CVE-2020-10516 Improper access control in GitHub Enterprise Server leading to privilege escalation of organization member CVE-2021-38486 InHand Networks IR615 Router