CVE-2021-30479

An issue was discovered in Zulip Server before 3.4. A bug in the implementation of the all_public_streams API feature resulted in guest users being able to receive message traffic to public streams that should have been only accessible to members of the organization.
References
Configurations

Configuration 1 (hide)

cpe:2.3:a:zulip:zulip_server:*:*:*:*:*:*:*:*

History

12 Jul 2022, 17:42

Type Values Removed Values Added
CWE CWE-732 CWE-269

Information

Published : 2021-04-15 00:15

Updated : 2024-02-04 21:47


NVD link : CVE-2021-30479

Mitre link : CVE-2021-30479

CVE.ORG link : CVE-2021-30479


JSON object : View

Products Affected

zulip

  • zulip_server
CWE
CWE-269

Improper Privilege Management