CVE-2017-0910 - AskarLabs CVE Database

CVE-2017-0910

Vendor Zulip

Product Zulip Server

Weakness CWE-863 · Incorrect authorization

Published November 27, 2017

Last update September 17, 2024

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

In Zulip Server before 1.7.1, on a server with multiple realms, a vulnerability in the invitation system lets an authorized user of one realm on the server create a user account on any other realm.

Key dates

02Disclosure timeline

November 27, 2017 CVE published

September 17, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2017-0910 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/863.html

Related vulnerabilities

04Related CVE

CVE-2026-1752 Incorrect Authorization in GitLab CVE-2025-15288 Tanium addressed an improper access controls vulnerability in Interact. CVE-2026-32123 OpenEMR: Therapy Group Sensitivity ACL No Longer Enforced CVE-2024-13302 Pages Restriction Access - Critical - Access bypass - SA-CONTRIB-2024-068 CVE-2024-45125 Adobe Commerce | Incorrect Authorization (CWE-863)