CVE-2024-21630

CVSS 3.1 Score 4.3 of 10 (medium)

Details

Published Jan 25, 2024

Updated: Jan 31, 2024

CWE ID 862

Summary

CVE-2024-21630 is a vulnerability affecting version 8.0 of the open-source team collaboration tool, Zulip. This issue is distinct from CVE-2023-32677, as it arises when non-admin users are allowed to create multi-use invitations, while only admins are authorized to invite users to streams. This configuration combination can lead to unintended users gaining access to specific streams. Version 8.1 of Zulip addresses this vulnerability, while administrators can apply a workaround by limiting the distribution of invitations to users who possess the ability to add users to streams.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share

Affected Products

Zulip Server

Advisories, Assessments, and Mitigations

Prioritize, Pinpoint, and Act to Prevent Vulnerability Exploits with Recorded Future

Note: This is just a basic overview providing quick insights into CVE-2024-21630 information. Gain full access to comprehensive CVE data, third party vulnerabilities, compromised credentials and more with Recorded Future

Gain complete coverage of your cyber, third party, and physical attack surface
Proactively mitigate threats before they turn into costly attacks
Make fast, effective, data-driven decisions

Book your demo

Sign in

Back to Vulnerability Database