CVE-2022-24751

Zulip is an open source group chat application. Starting with version 4.0 and prior to version 4.11, Zulip is vulnerable to a race condition during account deactivation, where a simultaneous access by the user being deactivated may, in rare cases, allow continued access by the deactivated user. A patch is available in version 4.11 on the 4.x branch and version 5.0-rc1 on the 5.x branch. Upgrading to a fixed version will, as a side effect, deactivate any cached sessions that may have been leaked through this bug. There are currently no known workarounds.

CVSS v3 7.4 HIGH
CVSS v2.0 5.8 MEDIUM

7.4^/10

CVSS v3 : HIGH

Vector :

Exploitability : 2.2 / Impact : 5.2

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

5.8^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:M/Au:N/C:P/I:P/A:N

Exploitability : 8.6 / Impact : 4.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
https://github.com/zulip/zulip/commit/62ba8e455d8f460001d9fb486a6dabfd1ed67717	Patch Third Party Advisory
https://github.com/zulip/zulip/commit/e6eace307ef435eec3395c99247155efed9219e4	Patch Third Party Advisory
https://github.com/zulip/zulip/security/advisories/GHSA-6v98-m5x5-phqj	Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:zulip:zulip:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2022-03-16 14:15

Updated : 2024-02-28 19:09

NVD link : CVE-2022-24751

Mitre link : CVE-2022-24751

CVE.ORG link : CVE-2022-24751

JSON object : View

Products Affected

zulip

zulip

CWE

CWE-362

Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

{"id": "CVE-2022-24751", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 4.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.4, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.2, "exploitabilityScore": 2.2}, {"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.4, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 2.5, "exploitabilityScore": 2.8}]}, "published": "2022-03-16T14:15:08.487", "references": [{"url": "https://github.com/zulip/zulip/commit/62ba8e455d8f460001d9fb486a6dabfd1ed67717", "tags": ["Patch", "Third Party Advisory"], "source": "security-advisories@github.com"}, {"url": "https://github.com/zulip/zulip/commit/e6eace307ef435eec3395c99247155efed9219e4", "tags": ["Patch", "Third Party Advisory"], "source": "security-advisories@github.com"}, {"url": "https://github.com/zulip/zulip/security/advisories/GHSA-6v98-m5x5-phqj", "tags": ["Third Party Advisory"], "source": "security-advisories@github.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-362"}]}], "descriptions": [{"lang": "en", "value": "Zulip is an open source group chat application. Starting with version 4.0 and prior to version 4.11, Zulip is vulnerable to a race condition during account deactivation, where a simultaneous access by the user being deactivated may, in rare cases, allow continued access by the deactivated user. A patch is available in version 4.11 on the 4.x branch and version 5.0-rc1 on the 5.x branch. Upgrading to a fixed version will, as a side effect, deactivate any cached sessions that may have been leaked through this bug. There are currently no known workarounds."}, {"lang": "es", "value": "Zulip es una aplicaci\u00f3n de chat de grupo de c\u00f3digo abierto. A partir de la versi\u00f3n 4.0 y versiones anteriores a 4.11, Zulip es vulnerable a una condici\u00f3n de carrera durante la deshabilitaci\u00f3n de la cuenta, donde un acceso simult\u00e1neo por parte del usuario que est\u00e1 siendo deshabilitado puede, en raros casos, permitir el acceso continuo por parte del usuario deshabilitado. Se presenta un parche disponible en versi\u00f3n 4.11 en la rama 4.x y en versi\u00f3n 5.0-rc1 en la rama 5.x. Una actualizaci\u00f3n a una versi\u00f3n corregida deshabilitar\u00e1, como efecto secundario, cualquier sesi\u00f3n en cach\u00e9 que pueda haberse filtrado mediante este bug. Actualmente no se presentan medidas de mitigaci\u00f3n conocidas"}], "lastModified": "2022-03-22T15:25:06.063", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:zulip:zulip:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "011572BD-FA58-42D2-AC46-1503D66E31D3", "versionEndExcluding": "4.11", "versionStartIncluding": "4.0"}], "operator": "OR"}]}], "sourceIdentifier": "security-advisories@github.com"}