CVE-2021-30487

Low

2.7/10

Summary

In the topic moving API in Zulip Server 3.x before 3.4, organization administrators were able to move messages to streams in other organizations hosted by the same Zulip installation.

Attack Complexity: LOW
Attack Vector: NETWORK
Integrity Impact: LOW
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: HIGH
Confidentiality Impact: NONE
Availability Impact: NONE

References

Advisory Timeline

Published Apr 15, 2021

CVE-2021-30487

Summary

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS