CVSS 3.1 Score 6.5 of 10 (medium)


Published Mar 20, 2024
Updated: Mar 21, 2024
CWE ID 200


CVE-2024-27286 is a vulnerability in Zulip, the open-source team collaboration tool. When a user moves a message from a public stream to a private stream, active users who do not have access to the private stream can still see the message in the public stream until they refresh their client. Additionally, recently-active users can still view the message in the "All messages" view or in search results, but not in the "Inbox" or "Recent conversations" views. The bug has been present since Zulip version 3.0 and became more common starting with version 8.0. The vulnerability has a base severity rating of MEDIUM with high confidentiality impact, which makes it a potential risk for organizations using Zulip.
