CVE-2019-18933

In Zulip Server versions from 1.7.0 to before 2.0.7, a bug in the new user signup process meant that users who registered their account using social authentication (e.g., GitHub or Google SSO) in an organization that also allows password authentication could have their personal API key stolen by an unprivileged attacker, allowing nearly full access to the user's account.
Configurations

Configuration 1 (hide)

cpe:2.3:a:zulip:zulip_server:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2019-11-21 23:15

Updated : 2024-02-04 20:39


NVD link : CVE-2019-18933

Mitre link : CVE-2019-18933

CVE.ORG link : CVE-2019-18933


JSON object : View

Products Affected

zulip

  • zulip_server