CVE-2023-32678

CVSS 3.1 Score 6.5 of 10 (medium)

Details

Published Aug 25, 2023
Updated: Aug 31, 2023
CWE ID 285

Summary

CVE-2023-32678 affects Zulip, an open-source team collaboration tool. Previously subscribed users, even after being removed from private streams, can still edit messages, move them to other streams, and delete messages they had access to, provided relevant organization permissions allow these actions. This issue could potentially allow users to manipulate old messages in private streams. Although administrators can delete such messages, this vulnerability poses a risk to data integrity and confidentiality. It was addressed in Zulip Server version 7.3.
