Vulnerability Details CVE-2024-56136
Zulip Server provides an open-source team chat that helps teams stay productive and focused. Zulip Server 7.0 and above are vulnerable to an information disclosure attack: if a Zulip server is hosting multiple organizations, an unauthenticated user can make a request and determine whether an email address is in use by a user. Zulip Server 9.4 resolves the issue, as does the `main` branch of Zulip Server. Users are advised to upgrade. There are no known workarounds for this issue.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 33.8%
CVSS Severity
CVSS v3 Score 5.3
Products affected by CVE-2024-56136
- cpe:2.3:a:zulip:zulip_server:7.0
- cpe:2.3:a:zulip:zulip_server:7.1
- cpe:2.3:a:zulip:zulip_server:7.2
- cpe:2.3:a:zulip:zulip_server:7.3
- cpe:2.3:a:zulip:zulip_server:7.4
- cpe:2.3:a:zulip:zulip_server:7.5
- cpe:2.3:a:zulip:zulip_server:8.0
- cpe:2.3:a:zulip:zulip_server:8.1
- cpe:2.3:a:zulip:zulip_server:8.3
- cpe:2.3:a:zulip:zulip_server:8.4
- cpe:2.3:a:zulip:zulip_server:8.5
- cpe:2.3:a:zulip:zulip_server:9.0
- cpe:2.3:a:zulip:zulip_server:9.1
- cpe:2.3:a:zulip:zulip_server:9.2
- cpe:2.3:a:zulip:zulip_server:9.3