{ "affected": [ { "ranges": [ { "database_specific": { "versions": [ { "introduced": "0" }, { "last_affected": "1.3.0" }, { "introduced": "0" }, { "last_affected": "1.3.1" }, { "introduced": "0" }, { "last_affected": "1.3.2" }, { "introduced": "0" }, { "last_affected": "1.3.3" }, { "introduced": "0" }, { "last_affected": "1.3.4" }, { "introduced": "0" }, { "last_affected": "1.3.6" }, { "introduced": "0" }, { "last_affected": "1.3.7" }, { "introduced": "0" }, { "last_affected": "1.3.8" }, { "introduced": "0" }, { "last_affected": "1.3.9" }, { "introduced": "0" }, { "last_affected": "1.3.10" }, { "introduced": "0" }, { "last_affected": "1.3.11" }, { "introduced": "0" }, { "last_affected": "1.3.12" }, { "introduced": "0" }, { "last_affected": "1.3.13" }, { "introduced": "0" }, { "last_affected": "1.4.0" }, { "introduced": "0" }, { "last_affected": "1.4.1" }, { "introduced": "0" }, { "last_affected": "1.4.2" }, { "introduced": "0" }, { "last_affected": "1.4.3" }, { "introduced": "0" }, { "last_affected": "1.5.0" }, { "introduced": "0" }, { "last_affected": "1.5.1" } ] }, "events": [ { "introduced": "0" }, { "last_affected": "b69c6228af03634061cba29f3aa7200c14e7c626" }, { "introduced": "0" }, { "last_affected": "aeb6a5df7c2d88da7c4fde82df0ba5b0686f8080" }, { "introduced": "0" }, { "last_affected": "974a9bd0f3eabcccd091ce0fe274b982b785fd23" }, { "introduced": "0" }, { "last_affected": "f0add4638ca7c8372dde4781f034ac79c4740f3c" }, { "introduced": "0" }, { "last_affected": "e5f7000a23cba9cb3f462e65f013b4e10af75858" }, { "introduced": "0" }, { "last_affected": "bec3c0943afb45e86d8bd5a6c6f6cf3572ad4a64" }, { "introduced": "0" }, { "last_affected": "54c964a33211ebf8325b3debec053734e79ca65b" }, { "introduced": "0" }, { "last_affected": "ac35d268684189e59122a4a9b6423b943831ab51" }, { "introduced": "0" }, { "last_affected": "5fa6260ae895f9b314910df3354b3282bf44fc54" }, { "introduced": "0" }, { "last_affected": "e1e7ea01ca6d9dda3225f24ccdfaa844d047bda2" }, { "introduced": "0" }, { "last_affected": "5ffe1439eb684f5dfe76ad34a67c11f7c8f64fe9" }, { "introduced": "0" }, { "last_affected": "90634356cb9d3e7772d80330a7e9f9dde958870a" }, { "introduced": "0" }, { "last_affected": "4958828747281f7b40d786a99d82eda7614ffa1e" }, { "introduced": "0" }, { "last_affected": "7e4caf3a67a6542714760e4e93f192494905aa05" }, { "introduced": "0" }, { "last_affected": "f6975f93344a9ce4750bf2967cf84b07a666ea30" }, { "introduced": "0" }, { "last_affected": "8cc7642cddc8e8fab7a8583f1036232e4e289e2a" }, { "introduced": "0" }, { "last_affected": "a063dd3b26f7ada794e14ace0d24ea1834611446" }, { "introduced": "0" }, { "last_affected": "e79520c5930a5a3ed1279732dcb8839f2ae8c5f0" }, { "introduced": "0" }, { "last_affected": "bd01b1e2e4cac3117d5d042aa7ae686bc0573f9d" }, { "fixed": "1f48fa27672170bba3b9a97384905bb04c18761b" } ], "repo": "https://github.com/zulip/zulip", "type": "GIT" } ] } ], "details": "Zulip Server 1.5.1 and below suffer from an error in the implementation of the invite_by_admins_only setting in the Zulip group chat application server that allowed an authenticated user to invite other users to join a Zulip organization even if the organization was configured to prevent this.", "id": "CVE-2017-0896", "modified": "2026-03-13T21:52:06.196545042Z", "published": "2017-06-02T17:29:00.167Z", "references": [ { "type": "WEB", "url": "https://groups.google.com/forum/#%21msg/zulip-announce/sUYeJv-fFmg/2TU2TLmNAwAJ" }, { "type": "REPORT", "url": "https://hackerone.com/reports/224210" }, { "type": "FIX", "url": "https://github.com/zulip/zulip/commit/1f48fa27672170bba3b9a97384905bb04c18761b" } ], "severity": [ { "score": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "type": "CVSS_V3" } ] }