Vulnerability Details CVE-2022-35962
Zulip is an open source team chat and Zulip Mobile is an app for iOS and Andriod users. In Zulip Mobile through version 27.189, a crafted link in a message sent by an authenticated user could lead to credential disclosure if a user follows the link. A patch was released in version 27.190.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 54.9%
CVSS Severity
CVSS v3 Score 8.0
References
- https://blog.zulip.com/2022/08/24/zulip-server-5-6-security-release/
- https://github.com/zulip/zulip-mobile/releases/tag/v27.190
- https://github.com/zulip/zulip-mobile/security/advisories/GHSA-4gj2-j32x-4wg5
- https://blog.zulip.com/2022/08/24/zulip-server-5-6-security-release/
- https://github.com/zulip/zulip-mobile/releases/tag/v27.190
- https://github.com/zulip/zulip-mobile/security/advisories/GHSA-4gj2-j32x-4wg5
Products affected by CVE-2022-35962
-
cpe:2.3:a:zulip:zulip:-
-
cpe:2.3:a:zulip:zulip:0.7.1
-
cpe:2.3:a:zulip:zulip:1.0.11
-
cpe:2.3:a:zulip:zulip:1.0.12
-
cpe:2.3:a:zulip:zulip:1.0.13
-
cpe:2.3:a:zulip:zulip:1.0.14
-
cpe:2.3:a:zulip:zulip:1.0.15
-
cpe:2.3:a:zulip:zulip:1.0.16
-
cpe:2.3:a:zulip:zulip:1.0.17
-
cpe:2.3:a:zulip:zulip:1.0.18
-
cpe:2.3:a:zulip:zulip:1.0.19
-
cpe:2.3:a:zulip:zulip:1.0.20
-
cpe:2.3:a:zulip:zulip:1.0.21
-
cpe:2.3:a:zulip:zulip:1.0.22
-
cpe:2.3:a:zulip:zulip:1.0.24
-
cpe:2.3:a:zulip:zulip:1.0.25
-
cpe:2.3:a:zulip:zulip:1.0.26
-
cpe:2.3:a:zulip:zulip:1.0.27
-
cpe:2.3:a:zulip:zulip:1.0.29
-
cpe:2.3:a:zulip:zulip:10.1.70
-
cpe:2.3:a:zulip:zulip:11.1.73
-
cpe:2.3:a:zulip:zulip:11.3.74
-
cpe:2.3:a:zulip:zulip:11.4.75
-
cpe:2.3:a:zulip:zulip:11.5.76
-
cpe:2.3:a:zulip:zulip:11.6.77
-
cpe:2.3:a:zulip:zulip:12.0.80
-
cpe:2.3:a:zulip:zulip:12.1.81
-
cpe:2.3:a:zulip:zulip:12.2.82
-
cpe:2.3:a:zulip:zulip:12.3.83
-
cpe:2.3:a:zulip:zulip:12.4.84
-
cpe:2.3:a:zulip:zulip:13.1.85
-
cpe:2.3:a:zulip:zulip:13.2.86
-
cpe:2.3:a:zulip:zulip:13.3.87
-
cpe:2.3:a:zulip:zulip:13.4.88
-
cpe:2.3:a:zulip:zulip:13.5.89
-
cpe:2.3:a:zulip:zulip:14.0.90
-
cpe:2.3:a:zulip:zulip:14.1.91
-
cpe:2.3:a:zulip:zulip:15.0.92
-
cpe:2.3:a:zulip:zulip:15.1.95
-
cpe:2.3:a:zulip:zulip:16.0.93
-
cpe:2.3:a:zulip:zulip:16.1.94
-
cpe:2.3:a:zulip:zulip:16.2.96
-
cpe:2.3:a:zulip:zulip:17.0.97
-
cpe:2.3:a:zulip:zulip:17.1.98
-
cpe:2.3:a:zulip:zulip:18.0.99
-
cpe:2.3:a:zulip:zulip:19.0.100
-
cpe:2.3:a:zulip:zulip:19.1.101
-
cpe:2.3:a:zulip:zulip:19.2.102
-
cpe:2.3:a:zulip:zulip:2.1.33
-
cpe:2.3:a:zulip:zulip:2.3.35
-
cpe:2.3:a:zulip:zulip:2.7.39
-
cpe:2.3:a:zulip:zulip:20.0.103
-
cpe:2.3:a:zulip:zulip:21.0.104
-
cpe:2.3:a:zulip:zulip:21.1.105
-
cpe:2.3:a:zulip:zulip:21.2.106
-
cpe:2.3:a:zulip:zulip:22.0.107
-
cpe:2.3:a:zulip:zulip:22.1.108
-
cpe:2.3:a:zulip:zulip:23.0.109
-
cpe:2.3:a:zulip:zulip:23.1.110
-
cpe:2.3:a:zulip:zulip:23.2.111
-
cpe:2.3:a:zulip:zulip:23.3.112
-
cpe:2.3:a:zulip:zulip:24.0.113
-
cpe:2.3:a:zulip:zulip:25.0.114
-
cpe:2.3:a:zulip:zulip:25.1.115
-
cpe:2.3:a:zulip:zulip:25.2.116
-
cpe:2.3:a:zulip:zulip:25.3.117
-
cpe:2.3:a:zulip:zulip:25.4.118
-
cpe:2.3:a:zulip:zulip:25.5.119
-
cpe:2.3:a:zulip:zulip:25.6.120
-
cpe:2.3:a:zulip:zulip:25.7.121
-
cpe:2.3:a:zulip:zulip:25.8.122
-
cpe:2.3:a:zulip:zulip:26.0.123
-
cpe:2.3:a:zulip:zulip:26.1.124
-
cpe:2.3:a:zulip:zulip:26.10.133
-
cpe:2.3:a:zulip:zulip:26.11.134
-
cpe:2.3:a:zulip:zulip:26.12.135
-
cpe:2.3:a:zulip:zulip:26.13.136
-
cpe:2.3:a:zulip:zulip:26.14.137
-
cpe:2.3:a:zulip:zulip:26.15.138
-
cpe:2.3:a:zulip:zulip:26.16.139
-
cpe:2.3:a:zulip:zulip:26.17.140
-
cpe:2.3:a:zulip:zulip:26.18.141
-
cpe:2.3:a:zulip:zulip:26.19.142
-
cpe:2.3:a:zulip:zulip:26.2.125
-
cpe:2.3:a:zulip:zulip:26.20.143
-
cpe:2.3:a:zulip:zulip:26.21.144
-
cpe:2.3:a:zulip:zulip:26.22.145
-
cpe:2.3:a:zulip:zulip:26.23.146
-
cpe:2.3:a:zulip:zulip:26.24.147
-
cpe:2.3:a:zulip:zulip:26.25.148
-
cpe:2.3:a:zulip:zulip:26.26.149
-
cpe:2.3:a:zulip:zulip:26.27.150
-
cpe:2.3:a:zulip:zulip:26.28.151
-
cpe:2.3:a:zulip:zulip:26.29.152
-
cpe:2.3:a:zulip:zulip:26.3.126
-
cpe:2.3:a:zulip:zulip:26.30.153
-
cpe:2.3:a:zulip:zulip:26.4.127
-
cpe:2.3:a:zulip:zulip:26.5.128
-
cpe:2.3:a:zulip:zulip:26.6.129
-
cpe:2.3:a:zulip:zulip:26.7.130
-
cpe:2.3:a:zulip:zulip:26.8.131
-
cpe:2.3:a:zulip:zulip:26.9.132
-
cpe:2.3:a:zulip:zulip:27.154
-
cpe:2.3:a:zulip:zulip:27.155
-
cpe:2.3:a:zulip:zulip:27.156
-
cpe:2.3:a:zulip:zulip:27.157
-
cpe:2.3:a:zulip:zulip:27.158
-
cpe:2.3:a:zulip:zulip:27.159
-
cpe:2.3:a:zulip:zulip:27.160
-
cpe:2.3:a:zulip:zulip:27.161
-
cpe:2.3:a:zulip:zulip:27.162
-
cpe:2.3:a:zulip:zulip:27.163
-
cpe:2.3:a:zulip:zulip:27.164
-
cpe:2.3:a:zulip:zulip:27.165
-
cpe:2.3:a:zulip:zulip:27.166
-
cpe:2.3:a:zulip:zulip:27.167
-
cpe:2.3:a:zulip:zulip:27.168
-
cpe:2.3:a:zulip:zulip:27.169
-
cpe:2.3:a:zulip:zulip:27.170
-
cpe:2.3:a:zulip:zulip:27.171
-
cpe:2.3:a:zulip:zulip:27.172
-
cpe:2.3:a:zulip:zulip:27.173
-
cpe:2.3:a:zulip:zulip:27.174
-
cpe:2.3:a:zulip:zulip:27.175
-
cpe:2.3:a:zulip:zulip:27.176
-
cpe:2.3:a:zulip:zulip:27.177
-
cpe:2.3:a:zulip:zulip:27.178
-
cpe:2.3:a:zulip:zulip:27.179
-
cpe:2.3:a:zulip:zulip:27.180
-
cpe:2.3:a:zulip:zulip:27.181
-
cpe:2.3:a:zulip:zulip:27.182
-
cpe:2.3:a:zulip:zulip:27.183
-
cpe:2.3:a:zulip:zulip:27.184
-
cpe:2.3:a:zulip:zulip:27.185
-
cpe:2.3:a:zulip:zulip:27.186
-
cpe:2.3:a:zulip:zulip:27.187
-
cpe:2.3:a:zulip:zulip:27.188
-
cpe:2.3:a:zulip:zulip:27.189
-
cpe:2.3:a:zulip:zulip:3.0.40
-
cpe:2.3:a:zulip:zulip:3.1.41
-
cpe:2.3:a:zulip:zulip:3.2.42
-
cpe:2.3:a:zulip:zulip:3.3.43
-
cpe:2.3:a:zulip:zulip:5.0.46
-
cpe:2.3:a:zulip:zulip:6.6.53
-
cpe:2.3:a:zulip:zulip:7.0.54
-
cpe:2.3:a:zulip:zulip:7.1.55
-
cpe:2.3:a:zulip:zulip:7.3.57
-
cpe:2.3:a:zulip:zulip:8.1.62
-
cpe:2.3:a:zulip:zulip:8.2.63
-
cpe:2.3:a:zulip:zulip:8.3.64
-
cpe:2.3:a:zulip:zulip:9.1.67