Home > Vulnerability Database > CVE-2024-21630

Mend.io Vulnerability Database

CVE-2024-21630

Good to know:

Date: January 25, 2024

Zulip is an open-source team collaboration tool. A vulnerability in version 8.0 is similar to CVE-2023-32677, but applies to multi-use invitations, not single-use invitation links as in the prior CVE. Specifically, it applies when the installation has configured non-admins to be able to invite users and create multi-use invitations, and has also configured only admins to be able to invite users to streams. As in CVE-2023-32677, this does not let users invite new users to arbitrary streams, only to streams that the inviter can already see. Version 8.1 fixes this issue. As a workaround, administrators can limit sending of invitations down to users who also have the permission to add users to streams.

Language: Python

Severity Score

4.3

Related Resources (7)

Url: https://zulip.com/help/restrict-account-creation#change-who-can-send-invitations

Url: https://zulip.com/help/configure-who-can-invite-to-streams

Url: https://github.com/zulip/zulip/security/advisories/GHSA-87p9-wprh-7rm6

Url: https://github.com/zulip/zulip/security/advisories/GHSA-mrvp-96q6-jpvc

Url: https://github.com/zulip/zulip/commit/0df7bd71f32f3b772e2646c6ab0d60c9b610addf

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-21630

Url: https://www.mend.io/vulnerability-database/CVE-2024-21630

Severity Score

4.3

Weakness Type (CWE)

Missing Authorization

CWE-862

Top Fix

Upgrade Version

Upgrade to version 8.1

Learn More

CVSS v3.1

Base Score:	4.3
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	NONE
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2024-21630

Good to know:

Date: January 25, 2024

Language: Python

Severity Score

Related Resources (7)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?