What is CVE-2017-0896?

CVE-2017-0896 is a medium-severity vulnerability in Zulip Server, classified under Improper Authorization. CVSS score: 6.5/10. Published 2017-06-02.

How severe is CVE-2017-0896?

Medium severity. CVSS v3 base score is 6.5 out of 10.

Auth bypass in Zulip Server

CVE-2017-0896

Zulip Server 1.5.1 and below suffer from an error in the implementation of the invite_by_admins_only setting in the Zulip group chat application server that allowed an authenticated user to invite other users to join a Zulip organization e…

EPSS: 0.001 (35.1th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 6.5 (Medium). Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N.

Affected products

Zulip Server — versions 1.5.1 and below
Zulip Zulip_server — versions 1.3.0, 1.3.1, 1.3.2

Weakness classification (CWE)

References

support@hackerone.com (mailing-list, x_refsource_MLIST)
support@hackerone.com (Permissions Required, x_refsource_MISC)
support@hackerone.com (Patch, x_refsource_MISC, Issue Tracking)

Frequently asked questions

What is CVE-2017-0896?: CVE-2017-0896 is a medium-severity vulnerability in Zulip Server, classified under Improper Authorization. CVSS score: 6.5/10. Published 2017-06-02.
How severe is CVE-2017-0896?: Medium severity. CVSS v3 base score is 6.5 out of 10.