Ineffective expiration validation for invitation links

Moderate
alexmv published GHSA-wj76-pcqr-mf9f Dec 2, 2021

Package

Zulip Server (Zulip)

Affected versions

<4.8

Patched versions

4.8

Description

Impact

Expiration dates on the confirmation objects associated with email invitations were not enforced properly in the new account registration flow.
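The class of check involved, as an added illustration that is not Zulip's code: a registration step that accepts any known invitation key, beside one that also enforces expiry and single use at account creation. The `Invite` type, the function names, the keys and the dates are all hypothetical and constructed for this example.

```python
from dataclasses import dataclass
from datetime import datetime, timezone


class InviteError(Exception):
    """Raised when an invitation key must not be accepted."""


@dataclass
class Invite:
    """Hypothetical stand-in for a stored confirmation object."""
    email: str
    expires_at: datetime
    used: bool = False


def lookup_unchecked(store, key, now):
    # Weak pattern: the key exists, so the flow continues; expires_at is never read.
    if key not in store:
        raise InviteError("unknown key")
    return store[key]


def lookup_valid(store, key, now):
    # Hardened pattern: existence, single use and expiry are checked in one helper.
    invite = lookup_unchecked(store, key, now)
    if invite.used:
        raise InviteError("already used")
    if now >= invite.expires_at:
        raise InviteError("expired")
    return invite


def register(store, key, now, lookup=lookup_valid):
    # Re-validate when the account is created, not only when the link is first opened.
    invite = lookup(store, key, now)
    invite.used = True
    return invite.email


def sample_store():
    # Constructed sample data: one invitation that lapsed, one still valid.
    utc = timezone.utc
    return {
        "k-old": Invite("old@example.com", datetime(2021, 11, 11, tzinfo=utc)),
        "k-new": Invite("new@example.com", datetime(2021, 12, 12, tzinfo=utc)),
    }


NOW = datetime(2021, 12, 2, tzinfo=timezone.utc)  # constructed "current time"
```

Routing every step of the flow through the one validating helper keeps a later step from trusting a key that an earlier step merely looked up.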

Patches

The issue is fixed in Zulip 4.8.

Workarounds

None.

Severity

Moderate

CVE ID

CVE-2021-43791

Weaknesses