CVE-2022-35962

Source
https://cve.org/CVERecord?id=CVE-2022-35962
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-35962.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2022-35962
Aliases
  • GHSA-4gj2-j32x-4wg5
Published
2022-08-29T14:50:09Z
Modified
2026-04-10T04:49:34.006599Z
Severity
  • 8.0 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H CVSS Calculator
Summary
Crafted link in Zulip message can cause disclosure of credentials
Details

Zulip is an open source team chat and Zulip Mobile is an app for iOS and Andriod users. In Zulip Mobile through version 27.189, a crafted link in a message sent by an authenticated user could lead to credential disclosure if a user follows the link. A patch was released in version 27.190.

Database specific
{
    "cwe_ids": [
        "CWE-184",
        "CWE-436"
    ],
    "cna_assigner": "GitHub_M",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/35xxx/CVE-2022-35962.json"
}
References

Affected packages

Git / github.com/zulip/zulip-mobile

Affected ranges

Type
GIT
Repo
https://github.com/zulip/zulip-mobile
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed

Affected versions

0.*
0.7.1
1.*
1.0.11
1.0.12
1.0.13
1.0.14
1.0.15
1.0.16
1.0.17
1.0.18
1.0.19
1.0.20
1.0.21
1.0.22
1.0.24
1.0.25
1.0.26
1.0.27
1.0.29
10.*
10.1.70
11.*
11.1.73
11.3.74
11.4.75
11.5.76
11.6.77
12.*
12.0.80
12.1.81
12.2.82
13.*
13.1.85
14.*
14.0.90
15.*
15.0.92
16.*
16.0.93
16.1.94
16.2.96
17.*
17.0.97
18.*
18.0.99
19.*
19.0.100
19.1.101
19.2.102
2.*
2.1.33
2.3.35
2.7.39
20.*
20.0.103
21.*
21.0.104
21.1.105
21.2.106
22.*
22.0.107
23.*
23.0.109
23.1.110
23.2.111
24.*
24.0.113
25.*
25.0.114
25.1.115
25.2.116
25.3.117
25.4.118
25.6.120
25.7.121
25.8.122
26.*
26.0.123
26.1.124
26.10.133
26.11.134
26.12.135
26.13.136
26.14.137
26.16.139
26.17.140
26.18.141
26.20.143
26.21.144
26.22.145
26.23.146
26.24.147
26.25.148
26.26.149
26.28.151
26.29.152
26.3.126
26.30.153
26.4.127
26.5.128
26.6.129
26.7.130
26.8.131
26.9.132
3.*
3.0.40
3.1.41
3.2.42
3.3.43
5.*
5.0.46
6.*
6.6.53
7.*
7.0.54
7.1.55
7.3.57
8.*
8.1.62
8.2.63
8.3.64
9.*
9.1.67
v27.*
v27.154
v27.155
v27.156
v27.157
v27.158
v27.159
v27.162
v27.164
v27.166
v27.169
v27.170
v27.171
v27.172
v27.173
v27.174
v27.176
v27.177
v27.181
v27.182
v27.183
v27.184
v27.185
v27.186
v27.187
v27.188
v27.189

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-35962.json"