CVE-2023-32678
CVSS V2 None
CVSS V3 None
Description
Zulip is an open-source team collaboration tool with topic-based threading that combines email and chat. Users who used to be subscribed to a private stream and have been removed from it since retain the ability to edit messages/topics, move messages to other streams, and delete messages that they used to have access to, if other relevant organization permissions allow these actions. For example, a user may be able to edit or delete their old messages they posted in such a private stream. An administrator will be able to delete old messages (that they had access to) from the private stream. This issue was fixed in Zulip Server version 7.3.
Overview
- CVE ID
- CVE-2023-32678
- Assigner
- GitHub_M
- Vulnerability Status
- PUBLISHED
- Published Version
- 2023-08-25T20:04:49.432Z
- Last Modified Date
- 2023-08-25T20:04:49.432Z
Weakness Enumerations
References
Reference URL | Reference Tags |
---|---|
https://github.com/zulip/zulip/security/advisories/GHSA-q3wg-jm9p-35fj | x_refsource_CONFIRM |
https://zulip.readthedocs.io/en/latest/overview/changelog.html#zulip-server-7-3 | x_refsource_MISC |
Sources
Source Name | Source URL |
---|---|
NIST | https://nvd.nist.gov/vuln/detail/CVE-2023-32678 |
MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32678 |
History
Created | Old Value | New Value | Data Type | Notes |
---|---|---|---|---|
2024-06-25 11:36:32 | Added to TrackCVE |