In Zulip Server before 1.7.1, on a server with multiple...
High severity
Unreviewed
Published
May 13, 2022
to the GitHub Advisory Database
•
Updated Feb 1, 2023
Description
Published by the National Vulnerability Database
Nov 27, 2017
Published to the GitHub Advisory Database
May 13, 2022
Last updated
Feb 1, 2023
In Zulip Server before 1.7.1, on a server with multiple realms, a vulnerability in the invitation system lets an authorized user of one realm on the server create a user account on any other realm.
References