CVE-2023-47642— Zulip 安全漏洞
获取后续新漏洞提醒登录后订阅
一、 漏洞 CVE-2023-47642 基础信息
漏洞信息
对漏洞内容有疑问?看看神龙的深度分析是否有帮助!
查看神龙十问 ↗ 尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
Stream description leaks to ex-subscribers in Zulip
来源: 美国国家漏洞数据库 NVD
Vulnerability Description
Zulip is an open-source team collaboration tool. It was discovered by the Zulip development team that active users who had previously been subscribed to a stream incorrectly continued being able to use the Zulip API to access metadata for that stream. As a result, users who had been removed from a stream, but still had an account in the organization, could still view metadata for that stream (including the stream name, description, settings, and an email address used to send emails into the stream via the incoming email integration). This potentially allowed users to see changes to a stream’s metadata after they had lost access to the stream. This vulnerability has been addressed in version 7.5 and all users are advised to upgrade. There are no known workarounds for this issue.
来源: 美国国家漏洞数据库 NVD
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
来源: 美国国家漏洞数据库 NVD
Vulnerability Type
信息暴露
来源: 美国国家漏洞数据库 NVD
Vulnerability Title
Zulip 安全漏洞
来源: 中国国家信息安全漏洞库 CNNVD
Vulnerability Description
Zulip是美国Zulip公司的一款功能强大的开源群聊应用程序。用于将实时聊天的即时性与线程对话的生产力优势相结合。 Zulip 7.5版本存在安全漏洞,该漏洞源于之前错误订阅流的活跃用户仍然能够使用Zulip API访问该流的元数据,允许用户在失去对流的访问权限后查看流元数据的更改。
来源: 中国国家信息安全漏洞库 CNNVD
CVSS Information
N/A
来源: 中国国家信息安全漏洞库 CNNVD
Vulnerability Type
N/A
来源: 中国国家信息安全漏洞库 CNNVD
受影响产品
二、漏洞 CVE-2023-47642 的公开POC
| # | POC 描述 | 源链接 | 神龙链接 |
|---|
AI 生成 POC高级
未找到公开 POC。
登录以生成 AI POC三、漏洞 CVE-2023-47642 的情报信息
请登录查看更多情报信息。
CVE-2023-47642 补丁与修复 (1)
CVE-2023-47642 厂商安全公告 (1)
- https://github.com/zulip/zulip/security/advisories/GHSA-c9wc-65fh-9x8px_refsource_CONFIRM
IV. Related Vulnerabilities
V. Comments for CVE-2023-47642
暂无评论