Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
/api/v1/jwt/fetch_api_key endpoint can leak if an email address has an account in Zulip server
Vulnerability Description
Zulip server provides an open-source team chat that helps teams stay productive and focused. Zulip Server 7.0 and above are vulnerable to an information disclose attack, where, if a Zulip server is hosting multiple organizations, an unauthenticated user can make a request and determine if an email address is in use by a user. Zulip Server 9.4 resolves the issue, as does the `main` branch of Zulip Server. Users are advised to upgrade. There are no known workarounds for this issue.
CVSS Information
N/A
Vulnerability Type
信息暴露
Vulnerability Title
Zulip server 信息泄露漏洞
Vulnerability Description
Zulip server是美国Zulip公司的一款开源的团队聊天应用程序。 Zulip server 7.0版本至9.4之前版本存在信息泄露漏洞,该漏洞源于容易受到信息泄露攻击,未经身份验证的用户可以发出请求并确定用户是否正在使用电子邮件地址。
CVSS Information
N/A
Vulnerability Type
N/A