Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
An error in the implementation of an autosubscribe feature in the check_stream_exists route of the Zulip group chat application server before 1.4.3 allowed an authenticated user to subscribe to a private stream that should have required an invitation from an existing member to join. The issue affects all previously released versions of the Zulip server.
CVSS Information
N/A
Vulnerability Type
信息暴露
Vulnerability Title
Zulip group chat application server 安全漏洞
Vulnerability Description
Zulip group chat application server是一套使用Python编写的基于Django框架的开源组聊天应用程序。 Zulip group chat application server 1.4.3之前的版本中的check_stream_exists route的autosubscribe功能实现存在安全漏洞。攻击者可利用该漏洞绕过安全限制,执行未授权的操作。
CVSS Information
N/A
Vulnerability Type
N/A