What is CVE-2021-43791?

CVE-2021-43791 is a medium-severity vulnerability in Zulip, classified under Insufficient Session Expiration. CVSS score: 6.5/10. Published 2021-12-02.

How severe is CVE-2021-43791?

Medium severity. CVSS v3 base score is 6.5 out of 10.

Vulnerability in Zulip

CVE-2021-43791

Zulip is an open source group chat application that combines real-time chat with threaded conversations. In affected versions expiration dates on the confirmation objects associated with email invitations were not enforced properly in the…

EPSS: 0.002 (40.6th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 6.5 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N.

Affected products

Zulip — versions < 4.8

Weakness classification (CWE)

CWE-613 — Insufficient Session Expiration

References

github.com/zulip/zulip/security/advisories/GHSA-wj76-pcqr-mf9f (x_refsource_CONFIRM)
github.com/zulip/zulip/commit/a014ef75a3a0ed7f24ebb157632ba58751e732c6 (x_refsource_MISC)

Frequently asked questions

What is CVE-2021-43791?: CVE-2021-43791 is a medium-severity vulnerability in Zulip, classified under Insufficient Session Expiration. CVSS score: 6.5/10. Published 2021-12-02.
How severe is CVE-2021-43791?: Medium severity. CVSS v3 base score is 6.5 out of 10.