Security Advisory

CVE-2021-30478

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2021-04-14 23:47:27

Last updated 2024-08-03 22:32:41

Assigner mitre

State PUBLISHED

Description

An issue was discovered in Zulip Server before 3.4. A bug in the implementation of the can_forge_sender permission (previously is_api_super_user) resulted in users with this permission being able to send messages appearing as if sent by a system bot, including to other organizations hosted by the same Zulip installation.

← Browse all CVEs View on cve.org ↗