CVE-2025-52559
- EPSS 0.05%
- Published 02.07.2025 19:31:12
- Last modified 02.10.2025 01:51:09
Zulip is an open-source team chat application. From versions 2.0.0-rc1 to before 10.4 in Zulip Server, the /digest/ URL of a server shows a preview of what the email weekly digest would contain. This URL, though not the digest itself, contains a cros...
CVE-2025-47930
- EPSS 0.05%
- Published 15.05.2025 23:17:29
- Last modified 27.08.2025 02:26:59
Zulip is an open-source team chat application. Starting in version 10.0 and prior to version 10.3, the "Who can create public channels" access control mechanism can be circumvented by creating a private or web-public channel, and then changing the ch...
CVE-2025-31478
- EPSS 0.05%
- Published 16.04.2025 21:28:23
- Last modified 27.09.2025 00:10:58
Zulip is an open-source team collaboration tool. Zulip supports a configuration where account creation is limited solely by being able to authenticate with a single-sign on authentication backend, meaning the organization places no restrictions on em...
CVE-2025-30369
- EPSS 0.03%
- Published 31.03.2025 17:15:42
- Last modified 27.09.2025 00:15:46
Zulip is an open-source team collaboration tool. The API for deleting an organization custom profile field is supposed to be restricted to organization administrators, but its handler failed to check that the field belongs to the same organization as...
CVE-2025-30368
- EPSS 0.04%
- Published 31.03.2025 17:15:42
- Last modified 27.08.2025 01:51:53
Zulip is an open-source team collaboration tool. The API for deleting an organization export is supposed to be restricted to organization administrators, but its handler failed to check that the export belongs to the same organization as the user. The...
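The two entries above describe the same bug class: the handler verifies the caller's role but fetches the target object by its global id, so an administrator of one organization can delete an object owned by another. The Python below is an added illustration, not Zulip's own handler code; the in-memory table, the User/CustomProfileField types and the handler names are hypothetical and only model the pattern (role check without a tenant check) next to its hardened form (lookup scoped to the caller's organization). The same fix applies to the export-deletion case.

```python
"""Added example: missing tenant scoping in an admin-only delete handler.

Not Zulip's code. The stores, types and function names are hypothetical;
they model the pattern described in CVE-2025-30369 / CVE-2025-30368 and
its fix.
"""

from dataclasses import dataclass
from typing import Callable, Dict


class PermissionDenied(Exception):
    pass


class NotFound(Exception):
    pass


@dataclass(frozen=True)
class User:
    id: int
    realm_id: int          # the organization this user belongs to
    is_realm_admin: bool


@dataclass
class CustomProfileField:
    id: int
    realm_id: int          # the organization that owns this field
    name: str


# Constructed sample table: two organizations (realms 100 and 200), one field each.
FIELDS: Dict[int, CustomProfileField] = {
    1: CustomProfileField(id=1, realm_id=100, name="Pronouns"),
    2: CustomProfileField(id=2, realm_id=200, name="Team"),
}


def require_realm_admin(user: User) -> None:
    """Role check that both handlers perform; on its own it is not enough."""
    if not user.is_realm_admin:
        raise PermissionDenied("Must be an organization administrator")


def delete_field_vulnerable(user: User, fields: Dict[int, CustomProfileField], field_id: int) -> None:
    """The flawed pattern: the role is checked, but the object is looked up by
    global id, so an admin of one realm can delete a field owned by another."""
    require_realm_admin(user)
    if field_id not in fields:
        raise NotFound(field_id)
    del fields[field_id]          # never compares fields[field_id].realm_id to user.realm_id


def delete_field_fixed(user: User, fields: Dict[int, CustomProfileField], field_id: int) -> None:
    """Hardened form: the lookup itself is constrained to the caller's realm.
    A foreign id is reported exactly like a nonexistent one, so the endpoint
    does not become an oracle for ids in other organizations."""
    require_realm_admin(user)
    obj = fields.get(field_id)
    if obj is None or obj.realm_id != user.realm_id:
        raise NotFound(field_id)
    del fields[field_id]


def cross_realm_delete(handler: Callable[[User, Dict[int, CustomProfileField], int], None]) -> bool:
    """Replay the cross-organization attempt against a fresh copy of the table.
    Returns True if the handler let the foreign field be removed."""
    table = {k: CustomProfileField(v.id, v.realm_id, v.name) for k, v in FIELDS.items()}
    attacker = User(id=7, realm_id=200, is_realm_admin=True)   # admin of realm 200 only
    try:
        handler(attacker, table, 1)   # field 1 is owned by realm 100
    except (PermissionDenied, NotFound):
        pass
    return 1 not in table


if __name__ == "__main__":
    print("vulnerable handler deleted foreign field:", cross_realm_delete(delete_field_vulnerable))
    print("fixed handler deleted foreign field:", cross_realm_delete(delete_field_fixed))
```

In an ORM-backed handler the equivalent of the fixed lookup is filtering the query by the caller's organization (for example `Model.objects.get(id=..., realm=user.realm)`) rather than fetching by id and comparing afterwards; keeping the tenant constraint in the query makes it hard to forget and keeps "not found" and "not yours" indistinguishable to the caller.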
CVE-2025-27149
- EPSS 0.03%
- Published 31.03.2025 16:15:23
- Last modified 27.09.2025 00:15:56
Zulip server provides an open-source team chat that helps teams stay productive and focused. Prior to 10.0, the data export to organization administrators feature in Zulip leaks private data. The collection of user-agent types identifying specific in...
CVE-2025-25195
- EPSS 0.08%
- Published 13.02.2025 22:15:13
- Last modified 13.02.2025 22:15:13
Zulip is an open-source team chat application. A weekly cron job (added in 50256f48314250978f521ef439cafa704e056539) demotes channels to being "inactive" after they have not received traffic for 180 days. However, upon doing so, an event was sent to...
CVE-2024-56136
- EPSS 0.1%
- Published 16.01.2025 20:15:33
- Last modified 27.09.2025 00:16:08
Zulip server provides an open-source team chat that helps teams stay productive and focused. Zulip Server 7.0 and above are vulnerable to an information disclosure attack, where, if a Zulip server is hosting multiple organizations, an unauthenticated u...
CVE-2024-36612
- EPSS 0.22%
- Published 29.11.2024 20:15:20
- Last modified 09.04.2025 18:54:42
Zulip from 8.0 to 8.3 contains a memory leak vulnerability in the handling of popovers.
CVE-2024-36624
- EPSS 0.09%
- Published 29.11.2024 18:15:08
- Last modified 29.11.2024 19:15:07
Zulip 8.3 is vulnerable to Cross-Site Scripting (XSS) via the construct_copy_div function in copy_and_paste.js.