Zulip Server 1.5.1 and below suffer from an error in the implementation of the invite_by_admins_only setting in the Zulip group chat application server that allowed an authenticated user to invite other users to join a Zulip organization even if the organization was configured to prevent this.
2017-06-02T17:29:00.167
2025-04-20T01:37:25.860
Deferred
CVSSv3.0: 6.5 (MEDIUM)
AV:N/AC:L/Au:S/C:N/I:P/A:N
8.0
2.9
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Application | zulip | zulip_server | 1.3.0 | Yes |
| Application | zulip | zulip_server | 1.3.1 | Yes |
| Application | zulip | zulip_server | 1.3.2 | Yes |
| Application | zulip | zulip_server | 1.3.3 | Yes |
| Application | zulip | zulip_server | 1.3.4 | Yes |
| Application | zulip | zulip_server | 1.3.6 | Yes |
| Application | zulip | zulip_server | 1.3.7 | Yes |
| Application | zulip | zulip_server | 1.3.8 | Yes |
| Application | zulip | zulip_server | 1.3.9 | Yes |
| Application | zulip | zulip_server | 1.3.10 | Yes |
| Application | zulip | zulip_server | 1.3.11 | Yes |
| Application | zulip | zulip_server | 1.3.12 | Yes |
| Application | zulip | zulip_server | 1.3.13 | Yes |
| Application | zulip | zulip_server | 1.4.0 | Yes |
| Application | zulip | zulip_server | 1.4.1 | Yes |
| Application | zulip | zulip_server | 1.4.2 | Yes |
| Application | zulip | zulip_server | 1.4.3 | Yes |
| Application | zulip | zulip_server | 1.5.0 | Yes |
| Application | zulip | zulip_server | 1.5.1 | Yes |