Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Zulip allows the deletion of organization by administrators of a different organization
Vulnerability Description
Zulip is an open-source team collaboration tool. The API for deleting an organization export is supposed to be restricted to organization administrators, but its handler failed to check that the field belongs to the same organization as the user. Therefore, an administrator of any organization was incorrectly allowed to delete an export of a different organization. This is fixed in Zulip Server 10.1.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N
Vulnerability Type
通过用户控制SQL主密钥绕过授权机制
Vulnerability Title
Zulip server 安全漏洞
Vulnerability Description
Zulip server是美国Zulip公司的一款开源的团队聊天应用程序。 Zulip server 10.1之前版本存在安全漏洞,该漏洞源于删除组织导出API中的权限检查不足,可能导致管理员删除其他组织的导出。
CVSS Information
N/A
Vulnerability Type
N/A