CVE-2021-30477

An issue was discovered in Zulip Server before 3.4. A bug in the implementation of replies to messages sent by outgoing webhooks to private streams meant that an outgoing webhook bot could be used to send messages to private streams that the user was not intended to be able to send messages to.
References
Link Resource
https://blog.zulip.com/2021/04/14/zulip-server-3-4/ Release Notes Vendor Advisory
https://blog.zulip.com/2021/04/14/zulip-server-3-4/ Release Notes Vendor Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:zulip:zulip_server:*:*:*:*:*:*:*:*

History

21 Nov 2024, 06:04

Type Values Removed Values Added
References () https://blog.zulip.com/2021/04/14/zulip-server-3-4/ - Release Notes, Vendor Advisory () https://blog.zulip.com/2021/04/14/zulip-server-3-4/ - Release Notes, Vendor Advisory

Information

Published : 2021-04-15 00:15

Updated : 2024-11-21 06:04


NVD link : CVE-2021-30477

Mitre link : CVE-2021-30477

CVE.ORG link : CVE-2021-30477


JSON object : View

Products Affected

zulip

  • zulip_server