CVE-2024-27286

CVSS 3.1 Score 6.5 of 10 (medium)

Details

Published Mar 20, 2024
Updated: Mar 21, 2024
CWE ID 200

Summary

CVE-2024-27286 is a vulnerability affecting Zulip, an open-source team collaboration tool. When a user moves a message from a public stream to a private one, the message remains visible in the public stream for active users who don't have access to the private stream, until they reload their client. Additionally, these users retain view permissions on the message, allowing it to appear in search results and the "All messages" view. Introduced in Zulip version 3.0, this issue gained significance when the default option for moving the last message in a conversation changed to this method in version 8.0. The vulnerability has been patched in Zulip Server 8.3, with no known workarounds currently available.
