Incorrect Comparison

CVE-2022-35962

Medium

5.7/10

Summary

Zulip is an open source team chat and Zulip Mobile is an app for iOS and Andriod users. In Zulip Mobile through version 27.189, a crafted link in a message sent by an authenticated user could lead to credential disclosure if a user follows the link. A patch was released in version 27.190.

Attack Complexity: LOW
Attack Vector: NETWORK
Integrity Impact: NONE
Scope: UNCHANGED
User Interaction: REQUIRED
Privileges Required: LOW
Confidentiality Impact: HIGH
Availability Impact: NONE

CWE-697 - Incorrect Comparison

The software compares two entities in a security-relevant context, but the comparison is incorrect, which may lead to resultant weaknesses.

References

Advisory Timeline

Published Aug 29, 2022

Incorrect Comparison

CVE-2022-35962

Summary

CWE-697 - Incorrect Comparison

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS