CVE-2024-56136

Medium CVSS: 6.9

Zulip server provides an open-source team chat that helps teams stay productive and focused. Zulip Server 7.0 and above are vulnerable to an information disclose attack, where, if a Zulip server is hosting multiple organizations, an unauthenticated user can make a request and determine if an email address is in use by a user. Zulip Server 9.4 resolves the issue, as does the `main` branch of Zulip Server. Users are advised to upgrade. There are no known workarounds for this issue.

Vendor

Zulip

Product

Zulip Server

CWE

CWE-200

Yayın Tarihi

2025-01-16 20:15:33

Güncelleme

2025-09-27 00:16:08

Source Identifier

security-advisories@github.com

KEV Date Added

Kategoriler

CWE-200 Zulip Server MEDIUM Zulip 2025

Referanslar

https://github.com/zulip/zulip/commit/c6334a765b1e6d71760e4a3b32ae5b8367f2ed4d https://github.com/zulip/zulip/security/advisories/GHSA-5xg8-xhfj-4hm6

Benzer Kayıtlar

Low

CVE-2026-24050

Zulip is an open-source team collaboration tool. From 5.0 to before 11.5, some administrative actions on the user profil…

Medium

CVE-2025-52559

Zulip is an open-source team chat application. From versions 2.0.0-rc1 to before 10.4 in Zulip Server, the /digest/ URL…

Medium

CVE-2025-47930

Zulip is an open-source team chat application. Starting in version 10.0 and prior to version 10.3, the "Who can create p…

High

CVE-2025-31478

Zulip is an open-source team collaboration tool. Zulip supports a configuration where account creation is limited solely…

Low

CVE-2025-30368

Zulip is an open-source team collaboration tool. The API for deleting an organization export is supposed to be restricte…

Low

CVE-2025-30369

Zulip is an open-source team collaboration tool. The API for deleting an organization custom profile field is supposed t…