Security Advisory

CVE-2021-30479

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2021-04-14 23:48:38
Last updated 2024-08-03 22:32:41
Assigner mitre
State PUBLISHED

Description

An issue was discovered in Zulip Server before 3.4. A bug in the implementation of the all_public_streams API feature resulted in guest users being able to receive message traffic to public streams that should have been only accessible to members of the organization.