Cross-Organization Message Movement Vulnerability in Zulip Server 3.x before 3.4
CVE-2021-30487 · LOW Severity
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N
In the topic moving API in Zulip Server 3.x before 3.4, organization administrators were able to move messages to streams in other organizations hosted by the same Zulip installation.
Learn more about our Cis Benchmark Audit For Server Software.