CVE-2021-30479
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2021-30479
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-30479.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2021-30479
- Published
- 2021-04-15T00:15:13Z
- Modified
- 2025-01-14T09:12:30.372778Z
- Severity
-
- 5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS Calculator
- Summary
- [none]
- Details
-
An issue was discovered in Zulip Server before 3.4. A bug in the implementation of the allpublicstreams API feature resulted in guest users being able to receive message traffic to public streams that should have been only accessible to members of the organization.
- References
Affected packages
Git / github.com/zulip/zulip
Affected ranges
- Type
- GIT
- Repo
- https://github.com/zulip/zulip
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
1.*
1.3.0
1.3.1
1.3.10
1.3.11
1.3.12
1.3.13
1.3.2
1.3.3
1.3.4
1.3.5
1.3.6
1.3.7
1.3.8
1.3.9
1.4.0
1.5.0
1.6.0
1.7.0
1.8.0
1.8.0-rc1
1.9.0
1.9.0-rc2
1.9.0-rc3
2.*
2.0.0
2.0.0-rc1
2.1-dev
2.1.0
2.1.0-rc1
2.2-dev
3.*
3.0
3.0-dev
3.0-rc1
3.0-rc2
3.1
3.2
3.3
4.*
4.0-dev
enterprise-1.*
enterprise-1.1.5
enterprise-1.2.0
shared-0.*
shared-0.0.1
shared-0.0.2