CVE-2023-47642 - OpenCVE

Zulip is an open-source team collaboration tool. It was discovered by the Zulip development team that active users who had previously been subscribed to a stream incorrectly continued being able to use the Zulip API to access metadata for that stream. As a result, users who had been removed from a stream, but still had an account in the organization, could still view metadata for that stream (including the stream name, description, settings, and an email address used to send emails into the stream via the incoming email integration). This potentially allowed users to see changes to a stream’s metadata after they had lost access to the stream. This vulnerability has been addressed in version 7.5 and all users are advised to upgrade. There are no known workarounds for this issue.

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Zulip	Zulip Server

Configuration 1 [-]

cpe:2.3:a:zulip:zulip_server:*:*:*:*:*:*:*:*

References

Link	Resource
https://github.com/zulip/zulip/commit/6336322d2f9bbccaacfc80cba83a3c62eefd5737	Patch
https://github.com/zulip/zulip/security/advisories/GHSA-c9wc-65fh-9x8p	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: GitHub_M

Published: 2023-11-16T21:41:46.646Z

Updated: 2023-11-16T21:41:46.646Z

Reserved: 2023-11-07T16:57:49.245Z

Link: CVE-2023-47642

JSON object: View

NVD Information

Status : Analyzed

Published: 2023-11-16T22:15:28.353

Modified: 2023-11-25T02:06:17.680

Link: CVE-2023-47642

JSON object: View

Redhat Information

No data.

CWE

{"dataType": "CVE_RECORD", "dataVersion": "5.0", "cveMetadata": {"cveId": "CVE-2023-47642", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2023-11-07T16:57:49.245Z", "datePublished": "2023-11-16T21:41:46.646Z", "dateUpdated": "2023-11-16T21:41:46.646Z"}, "containers": {"cna": {"title": "Stream description leaks to ex-subscribers in Zulip", "problemTypes": [{"descriptions": [{"cweId": "CWE-200", "lang": "en", "description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}}], "references": [{"name": "https://github.com/zulip/zulip/security/advisories/GHSA-c9wc-65fh-9x8p", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/zulip/zulip/security/advisories/GHSA-c9wc-65fh-9x8p"}, {"name": "https://github.com/zulip/zulip/commit/6336322d2f9bbccaacfc80cba83a3c62eefd5737", "tags": ["x_refsource_MISC"], "url": "https://github.com/zulip/zulip/commit/6336322d2f9bbccaacfc80cba83a3c62eefd5737"}], "affected": [{"vendor": "zulip", "product": "zulip", "versions": [{"version": ">= 1.3.0, < 7.5", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2023-11-16T21:41:46.646Z"}, "descriptions": [{"lang": "en", "value": "Zulip is an open-source team collaboration tool. It was discovered by the Zulip development team that active users who had previously been subscribed to a stream incorrectly continued being able to use the Zulip API to access metadata for that stream. As a result, users who had been removed from a stream, but still had an account in the organization, could still view metadata for that stream (including the stream name, description, settings, and an email address used to send emails into the stream via the incoming email integration). This potentially allowed users to see changes to a stream\u2019s metadata after they had lost access to the stream. This vulnerability has been addressed in version 7.5 and all users are advised to upgrade. There are no known workarounds for this issue."}], "source": {"advisory": "GHSA-c9wc-65fh-9x8p", "discovery": "UNKNOWN"}}}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:zulip:zulip_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "90D94B75-D1FD-4045-AA53-F03EE0DFD781", "versionEndExcluding": "7.5", "versionStartIncluding": "1.3.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Zulip is an open-source team collaboration tool. It was discovered by the Zulip development team that active users who had previously been subscribed to a stream incorrectly continued being able to use the Zulip API to access metadata for that stream. As a result, users who had been removed from a stream, but still had an account in the organization, could still view metadata for that stream (including the stream name, description, settings, and an email address used to send emails into the stream via the incoming email integration). This potentially allowed users to see changes to a stream\u2019s metadata after they had lost access to the stream. This vulnerability has been addressed in version 7.5 and all users are advised to upgrade. There are no known workarounds for this issue."}, {"lang": "es", "value": "Zulip es una herramienta de colaboraci\u00f3n en equipo de c\u00f3digo abierto. El equipo de desarrollo de Zulip descubri\u00f3 que los usuarios activos que previamente se hab\u00edan suscrito a una transmisi\u00f3n incorrectamente segu\u00edan pudiendo usar la API de Zulip para acceder a los metadatos de esa transmisi\u00f3n. Como resultado, los usuarios que hab\u00edan sido eliminados de una transmisi\u00f3n, pero que a\u00fan ten\u00edan una cuenta en la organizaci\u00f3n, a\u00fan pod\u00edan ver los metadatos de esa transmisi\u00f3n (incluido el nombre de la transmisi\u00f3n, la descripci\u00f3n, la configuraci\u00f3n y una direcci\u00f3n de correo electr\u00f3nico utilizada para enviar correos electr\u00f3nicos a la transmisi\u00f3n). A trav\u00e9s de la integraci\u00f3n de correo electr\u00f3nico entrante). Esto potencialmente permit\u00eda a los usuarios ver cambios en los metadatos de una transmisi\u00f3n despu\u00e9s de haber perdido el acceso a la misma. Esta vulnerabilidad se solucion\u00f3 en la versi\u00f3n 7.5 y se recomienda a todos los usuarios que actualicen. No se conocen workarounds para este problema."}], "id": "CVE-2023-47642", "lastModified": "2023-11-25T02:06:17.680", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2023-11-16T22:15:28.353", "references": [{"source": "security-advisories@github.com", "tags": ["Patch"], "url": "https://github.com/zulip/zulip/commit/6336322d2f9bbccaacfc80cba83a3c62eefd5737"}, {"source": "security-advisories@github.com", "tags": ["Vendor Advisory"], "url": "https://github.com/zulip/zulip/security/advisories/GHSA-c9wc-65fh-9x8p"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-200"}], "source": "security-advisories@github.com", "type": "Secondary"}]}