Vulnerability Information
Vulnerability Title
N/A
Vulnerability Description
In Zulip Server versions from 1.7.0 to before 2.0.7, a bug in the new user signup process meant that users who registered their account using social authentication (e.g., GitHub or Google SSO) in an organization that also allows password authentication could have their personal API key stolen by an unprivileged attacker, allowing nearly full access to the user's account.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Zulip server authorization issue vulnerability
Vulnerability Description
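Zulip server is an open-source team chat application from Zulip, a US company. A security vulnerability exists in the new user signup process in Zulip server 1.7.0 and later versions (fixed in version 2.0.7). An attacker could exploit this vulnerability to gain nearly full access to a user's account.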
CVSS Information
N/A
Vulnerability Type
N/A