First published: Thu Nov 23 2017(Updated: )
In Zulip Server before 1.7.1, on a server with multiple realms, a vulnerability in the invitation system lets an authorized user of one realm on the server create a user account on any other realm.
Credit: support@hackerone.com
Affected Software | Affected Version | How to fix |
---|---|---|
Zulip Zulip Server | <1.7.1 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.