CVE-2023-47642
CVSS 3.1 Score 4.3 of 10 (medium)
Details
Summary
CVE-2023-47642 is a vulnerability affecting Zulip, an open-source team collaboration tool. The Zulip development team identified an issue where users who had previously subscribed to a stream, but had been removed from the organization, could still access metadata for that stream using the Zulip API. Metadata includes the stream name, description, settings, and an email address used for the incoming email integration. This issue could potentially allow unauthorized users to view changes to a stream's metadata even after they lost access to the stream. Users are advised to upgrade to Zulip version 7.5 to address this vulnerability. No known workarounds exist for this issue.
Affected Products
- Zulip Server