What is CVE-2022-31168?

CVE-2022-31168 is a medium-severity vulnerability in Zulip, classified under Improper Authorization. CVSS score: 5.4/10. Published 2022-07-22.

How severe is CVE-2022-31168?

Medium severity. CVSS v3 base score is 5.4 out of 10.

Auth bypass in Zulip

CVE-2022-31168

Zulip is an open source team chat tool. Due to an incorrect authorization check in Zulip Server 5.4 and earlier, a member of an organization could craft an API call that grants organization administrator privileges to one of their bots. Th…

EPSS: 0.003 (56.8th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 5.4 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N.

Affected products

Zulip — versions < 5.5

Weakness classification (CWE)

References

github.com/zulip/zulip/security/advisories/GHSA-c3cp-ggg5-9xw5 (x_refsource_CONFIRM)
github.com/zulip/zulip/commit/751b2a03e565e9eb02ffe923b7c24ac73d604034 (x_refsource_MISC)
github.com/zulip/zulip/releases/tag/5.5 (x_refsource_MISC)

Frequently asked questions

What is CVE-2022-31168?: CVE-2022-31168 is a medium-severity vulnerability in Zulip, classified under Improper Authorization. CVSS score: 5.4/10. Published 2022-07-22.
How severe is CVE-2022-31168?: Medium severity. CVSS v3 base score is 5.4 out of 10.