Cross-Organization Message Movement Vulnerability in Zulip Server 3.x before 3.4

Cross-Organization Message Movement Vulnerability in Zulip Server 3.x before 3.4

CVE-2021-30487 · LOW Severity

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N

In the topic moving API in Zulip Server 3.x before 3.4, organization administrators were able to move messages to streams in other organizations hosted by the same Zulip installation.

Learn more about our Cis Benchmark Audit For Server Software.