CVE-2024-27286
CVSS 3.1 Score 6.5 of 10 (medium)
Details
Summary
CVE-2024-27286 is a vulnerability affecting Zulip, an open-source team collaboration tool. When a user moves a message from a public stream to a private one, the message remains visible in the public stream for active users who don't have access to the private stream, until they reload their client. Additionally, these users retain view permissions on the message, allowing it to appear in search results and the "All messages" view. Introduced in Zulip version 3.0, this issue gained significance when the default option for moving the last message in a conversation changed to this method in version 8.0. The vulnerability has been patched in Zulip Server 8.3, with no known workarounds currently available.