CVE-2025-47930

· Published 16/05/2025 00:15 · Modified 16/05/2025 14:42

Labels: CVE-2025-47930, 2025-05-16, CWE-863, [email protected]

Essential information

Published
16/05/2025 00:15
Modified
16/05/2025 14:42
Author
Creator
CVSS
5.3 MEDIUM (v3); 5.3 MEDIUM (v4.0)
CISA KEV
No
CWE
CVSS vector

CVSS metrics

Description

Zulip is an open-source team chat application. Starting in version 10.0 and prior to version 10.3, the "Who can create public channels" access control mechanism can be circumvented by creating a private or web-public channel, and then changing the channel privacy to public. A similar technique works for creating private channels without permission, though such a process requires either the API or modifying the HTML, as we do mark the "private" radio button as disabled in such cases. Version 10.3 contains a patch.

NVD status

Status
Awaiting Analysis — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]

Affected products (CPE)

Product
zulip / zulip
CPE
cpe:2.3:a:zulip:zulip:10.0-10.3:*:*:*:*:*:*:*

References