ID CVE-2017-0881
Summary An error in the implementation of an autosubscribe feature in the check_stream_exists route of the Zulip group chat application server before 1.4.3 allowed an authenticated user to subscribe to a private stream that should have required an invitation from an existing member to join. The issue affects all previously released versions of the Zulip server.
References
Vulnerable Configurations
  • cpe:2.3:a:zulip:zulip_server:1.1.5:*:*:*:*:*:*:*
  • cpe:2.3:a:zulip:zulip_server:1.2.0:-:*:*:*:*:*:*
  • cpe:2.3:a:zulip:zulip_server:1.2.0:p1:*:*:*:*:*:*
  • cpe:2.3:a:zulip:zulip_server:1.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:zulip:zulip_server:1.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:zulip:zulip_server:1.3.1:*:*:*:*:*:*:*
  • cpe:2.3:a:zulip:zulip_server:1.3.2:*:*:*:*:*:*:*
  • cpe:2.3:a:zulip:zulip_server:1.3.3:*:*:*:*:*:*:*
  • cpe:2.3:a:zulip:zulip_server:1.3.4:*:*:*:*:*:*:*
  • cpe:2.3:a:zulip:zulip_server:1.3.5:*:*:*:*:*:*:*
  • cpe:2.3:a:zulip:zulip_server:1.3.6:*:*:*:*:*:*:*
  • cpe:2.3:a:zulip:zulip_server:1.3.7:*:*:*:*:*:*:*
  • cpe:2.3:a:zulip:zulip_server:1.3.8:*:*:*:*:*:*:*
  • cpe:2.3:a:zulip:zulip_server:1.3.9:*:*:*:*:*:*:*
  • cpe:2.3:a:zulip:zulip_server:1.3.10:*:*:*:*:*:*:*
  • cpe:2.3:a:zulip:zulip_server:1.3.11:*:*:*:*:*:*:*
  • cpe:2.3:a:zulip:zulip_server:1.3.12:*:*:*:*:*:*:*
  • cpe:2.3:a:zulip:zulip_server:1.3.13:*:*:*:*:*:*:*
  • cpe:2.3:a:zulip:zulip_server:1.4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:zulip:zulip_server:1.4.1:*:*:*:*:*:*:*
  • cpe:2.3:a:zulip:zulip_server:1.4.2:*:*:*:*:*:*:*
CVSS
Base: 4.0 (as of 09-10-2019 - 23:21)
Impact:
Exploitability:
CWE CWE-863
CAPEC
Access
  Vector: NETWORK
  Complexity: LOW
  Authentication: SINGLE
Impact
  Confidentiality: PARTIAL
  Integrity: NONE
  Availability: NONE
cvss-vector via4 AV:N/AC:L/Au:S/C:P/I:N/A:N
refmap via4
bid 97159
misc
Last major update 09-10-2019 - 23:21
Published 28-03-2017 - 02:59
Last modified 09-10-2019 - 23:21