
Zulip Server vulnerabilities

40 known vulnerabilities affecting zulip/zulip_server.

Total CVEs: 40
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 2, HIGH 5, MEDIUM 29, LOW 4

Vulnerabilities

Page 1 of 2
CVE-2019-18933 (CRITICAL, CVSS 9.8, priority P2)
Affected: ≥ 1.7.0, < 2.0.7. Published: 2019-11-21. Source: NVD.
In Zulip Server versions from 1.7.0 to before 2.0.7, a bug in the new user signup process meant that users who registered their account using social authentication (e.g., GitHub or Google SSO) in an organization that also allows password authentication could have their personal API key stolen by an unprivileged attacker, allowing nearly full access to the

CVE-2022-21706 (CRITICAL, CVSS 9.8, priority P3, CWE-284)
Affected: ≥ 2.0.0, < 4.10.0. Published: 2022-02-26. Source: NVD.
Zulip is an open-source team collaboration tool with topic-based threading. Zulip Server versions 2.0.0 and above are vulnerable to insufficient access control with multi-use invitations. A Zulip Server deployment which hosts multiple organizations is vulnerable to an attack where an invitation created in one organization (potentially as a role wit

CVE-2025-31478 (HIGH, CVSS 8.2, priority P3, CWE-287)
Fixed in: 10.2. Published: 2025-04-16. Source: NVD.
Zulip is an open-source team collaboration tool. Zulip supports a configuration where account creation is limited solely by being able to authenticate with a single sign-on authentication backend, meaning the organization places no restrictions on email address domains or invitations being required to join, but has disabled the EmailAuthBackend that i

CVE-2020-15070 (HIGH, CVSS 8.8, priority P3, CWE-94)
Fixed in: 2.1.7. Published: 2020-08-21. Source: NVD.
Zulip Server 2.x before 2.1.7 allows eval injection if a privileged attacker were able to write directly to the postgres database, and chose to write a crafted custom profile field value.

CVE-2017-0910 (HIGH, CVSS 8.8, priority P3, CWE-863)
Affected: before 1.7.1. Fixed in: 1.7.1. Published: 2017-11-27. Source: NVD.
In Zulip Server before 1.7.1, on a server with multiple realms, a vulnerability in the invitation system lets an authorized user of one realm on the server create a user account on any other realm.

CVE-2020-14215 (HIGH, CVSS 7.5, priority P3, CWE-269)
Fixed in: 2.1.5. Published: 2020-08-21. Source: NVD.
Zulip Server before 2.1.5 has Incorrect Access Control because 0198_preregistrationuser_invited_as adds the administrator role to invitations.

CVE-2024-27286 (MEDIUM, CVSS 6.5, priority P3, CWE-200)
Affected: ≥ 3.0, < 8.3. Published: 2024-03-20. Source: NVD.
Zulip is an open-source team collaboration tool. When a user moves a Zulip message, they have the option to move all messages in the topic, move only subsequent messages as well, or move just a single message. If the user chose to just move one message, and was moving it from a public stream to a private stream, Zulip would successfully move the mes

CVE-2023-32678 (MEDIUM, CVSS 6.5, priority P3, CWE-285)
Fixed in: 7.3. Published: 2023-08-25. Source: NVD.
Zulip is an open-source team collaboration tool with topic-based threading that combines email and chat. Users who used to be subscribed to a private stream and have been removed from it since retain the ability to edit messages/topics, move messages to other streams, and delete messages that they used to have access to, if other relevant organizati

CVE-2026-40300 (MEDIUM, CVSS 6.5, priority P3, CWE-284)
Affected: 10.0. Published: 2026-05-12. Source: NVD.
Zulip is an open-source team collaboration tool. Prior to 12.0, with message_edit_history_visibility_policy set to "moves", /api/v1/messages/{id}/history still returns historical content values, allowing low-privilege users to recover text that was edited away from other users' messages. This vulnerability is fixed in 12.0.

CVE-2019-16215 (MEDIUM, CVSS 6.5, priority P4, CWE-1333)
Fixed in: 2.0.5. Published: 2019-09-18. Source: NVD.
The Markdown parser in Zulip server before 2.0.5 used a regular expression vulnerable to exponential backtracking. A user who is logged into the server could send a crafted message causing the server to spend an effectively arbitrary amount of CPU time and stall the processing of future messages.

CVE-2024-36612 (HIGH, CVSS 7.5, priority P4, CWE-125)
Affected: ≥ 8.0, ≤ 8.3. Published: 2024-11-29. Source: NVD.
Zulip from 8.0 to 8.3 contains a memory leak vulnerability in the handling of popovers.

CVE-2017-0896 (MEDIUM, CVSS 6.5, priority P4, CWE-285)
Affected: 1.3.0, 1.3.1 and 18 more versions. Published: 2017-06-02. Source: NVD.
Zulip Server 1.5.1 and below suffer from an error in the implementation of the invite_by_admins_only setting in the Zulip group chat application server that allowed an authenticated user to invite other users to join a Zulip organization even if the organization was configured to prevent this.

CVE-2024-56136 (MEDIUM, CVSS 5.3, priority P4, CWE-200)
Affected: ≥ 7.0, < 9.4. Published: 2025-01-16. Source: NVD.
Zulip server provides an open-source team chat that helps teams stay productive and focused. Zulip Server 7.0 and above are vulnerable to an information disclosure attack, where, if a Zulip server is hosting multiple organizations, an unauthenticated user can make a request and determine if an email address is in use by a user. Zulip Server 9.4 resolv

CVE-2021-30479 (MEDIUM, CVSS 5.3, priority P4, CWE-269)
Fixed in: 3.4. Published: 2021-04-15. Source: NVD.
An issue was discovered in Zulip Server before 3.4. A bug in the implementation of the all_public_streams API feature resulted in guest users being able to receive message traffic to public streams that should have been only accessible to members of the organization.

CVE-2026-24050 (MEDIUM, CVSS 5.4, priority P4, CWE-79)
Affected: ≥ 5.0, < 11.5. Published: 2026-02-06. Source: NVD.
Zulip is an open-source team collaboration tool. From 5.0 to before 11.5, some administrative actions on the user profile were susceptible to stored XSS in group names or channel names. Exploiting these vulnerabilities required the user explicitly interacting with the problematic object. This vulnerability is fixed in 11.5.

CVE-2023-33186 (MEDIUM, CVSS 6.1, priority P4, CWE-79)
Affected: 7.0. Published: 2023-05-30. Source: NVD.
Zulip is an open-source team collaboration tool with unique topic-based threading that combines the best of email and chat to make remote work productive and delightful. The main development branch of Zulip Server from May 2, 2023 and later, including beta versions 7.0-beta1 and 7.0-beta2, is vulnerable to a cross-site scripting vulnerability in toolt

CVE-2019-16216 (MEDIUM, CVSS 5.4, priority P4, CWE-79)
Affected: ≥ 1.8.0, < 2.0.5. Published: 2019-09-18. Source: NVD.
Zulip server before 2.0.5 incompletely validated the MIME types of uploaded files. A user who is logged into the server could upload files of certain types to mount a stored cross-site scripting attack on other logged-in users. On a Zulip server using the default local uploads backend, the attack is only effective against browsers lacking support for

CVE-2022-31134 (MEDIUM, CVSS 4.9, priority P4, CWE-200)
Affected: ≥ 2.1.0, < 5.4. Published: 2022-07-12. Source: NVD.
Zulip is an open-source team collaboration tool. Zulip Server versions 2.1.0 and above have a user interface tool, accessible only to server owners and server administrators, which provides a way to download a "public data" export. While this export is only accessible to administrators, in many configurations server administrators are not expected to ha

CVE-2020-9444 (MEDIUM, CVSS 6.1, priority P4, CWE-1021)
Affected: ≤ 2.1.3. Published: 2020-04-20. Source: NVD.
Zulip Server before 2.1.3 allows reverse tabnabbing via the Markdown functionality.

CVE-2020-9445 (MEDIUM, CVSS 6.1, priority P4, CWE-79)
Fixed in: 2.1.3. Published: 2020-04-20. Source: NVD.
Zulip Server before 2.1.3 allows XSS via the modal_link feature in the Markdown functionality.

Zulip Server vulnerabilities | cvebase