CVE Vulnerabilities

CVE-2016-4427

Published: Jul 28, 2022 | Modified: Aug 04, 2022
CVSS 3.x
7.5
HIGH
Source:
NVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CVSS 2.x
RedHat/V2
RedHat/V3
Ubuntu

In zulip before 1.3.12, deactivated users could access messages if SSO was enabled.

Affected Software

Name Vendor Start Version End Version
Zulip Zulip * 1.3.12 (excluding)

References