Zulip

Zulip

30 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
4.3

CVE-2025-25195

  • EPSS 0.19%
  • Veröffentlicht 13.02.2025 22:15:13
  • Zuletzt bearbeitet 15.04.2026 00:35:42

Zulip is an open source team chat application. A weekly cron job (added in 50256f48314250978f521ef439cafa704e056539) demotes channels to being "inactive" after they have not received traffic for 180 days. However, upon doing so, an event was sent to...

5.3

CVE-2024-56136

  • EPSS 0.15%
  • Veröffentlicht 16.01.2025 20:15:33
  • Zuletzt bearbeitet 27.09.2025 00:16:08

Zulip server provides an open-source team chat that helps teams stay productive and focused. Zulip Server 7.0 and above are vulnerable to an information disclose attack, where, if a Zulip server is hosting multiple organizations, an unauthenticated u...

7.5

CVE-2024-36612

  • EPSS 0.14%
  • Veröffentlicht 29.11.2024 20:15:20
  • Zuletzt bearbeitet 09.04.2025 18:54:42

Zulip from 8.0 to 8.3 contains a memory leak vulnerability in the handling of popovers.

5.4

CVE-2024-36624

  • EPSS 0.08%
  • Veröffentlicht 29.11.2024 18:15:08
  • Zuletzt bearbeitet 25.11.2025 13:49:35

Zulip 8.3 is vulnerable to Cross Site Scripting (XSS) via the construct_copy_div function in copy_and_paste.js.

5.4

CVE-2024-36625

  • EPSS 0.07%
  • Veröffentlicht 29.11.2024 17:15:07
  • Zuletzt bearbeitet 25.11.2025 13:50:35

Zulip 8.3 is vulnerable to Cross Site Scripting (XSS) via the replace_emoji_with_text function in ui_util.ts.

6.5

CVE-2024-27286

  • EPSS 0.06%
  • Veröffentlicht 20.03.2024 20:15:08
  • Zuletzt bearbeitet 03.09.2025 14:30:33

Zulip is an open-source team collaboration tool. When a user moves a Zulip message, they have the option to move all messages in the topic, move only subsequent messages as well, or move just a single message. If the user chose to just move one mess...

3.7

CVE-2023-28623

  • EPSS 0.07%
  • Veröffentlicht 19.05.2023 22:15:09
  • Zuletzt bearbeitet 21.11.2024 07:55:41

Zulip is an open-source team collaboration tool with unique topic-based threading. In the event that 1: `ZulipLDAPAuthBackend` and an external authentication backend (any aside of `ZulipLDAPAuthBackend` and `EmailAuthBackend`) are the only ones enabl...

3.1

CVE-2023-32677

  • EPSS 0.09%
  • Veröffentlicht 19.05.2023 21:15:08
  • Zuletzt bearbeitet 21.11.2024 08:03:49

Zulip is an open-source team collaboration tool with unique topic-based threading. Zulip administrators can configure Zulip to limit who can add users to streams, and separately to limit who can invite users to the organization. In Zulip Server 6.1 a...

4.3

CVE-2022-36048

  • EPSS 0.27%
  • Veröffentlicht 31.08.2022 20:15:08
  • Zuletzt bearbeitet 21.11.2024 07:12:15

Zulip is an open-source team collaboration tool with topic-based threading that combines email and chat. When displaying messages with embedded remote images, Zulip normally loads the image preview via a go-camo proxy server. However, an attacker who...

5.7

CVE-2022-35962

  • EPSS 0.55%
  • Veröffentlicht 29.08.2022 15:15:10
  • Zuletzt bearbeitet 21.11.2024 07:12:03

Zulip is an open source team chat and Zulip Mobile is an app for iOS and Andriod users. In Zulip Mobile through version 27.189, a crafted link in a message sent by an authenticated user could lead to credential disclosure if a user follows the link. ...