{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-13T10:31:42.017","vulnerabilities":[{"cve":{"id":"CVE-2017-0896","sourceIdentifier":"support@hackerone.com","published":"2017-06-02T17:29:00.167","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Zulip Server 1.5.1 and below suffer from an error in the implementation of the invite_by_admins_only setting in the Zulip group chat application server that allowed an authenticated user to invite other users to join a Zulip organization even if the organization was configured to prevent this."},{"lang":"es","value":"Zulip Server versión 1.5.1 y posteriores, sufre de un error en la implementación de la configuración de invite_by_admins_only en el servidor de aplicaciones de chat del grupo Zulip que permitió a un usuario autenticado invitar a otros usuarios a unirse a una organización Zulip, incluso si la organización fue configurada para evitar esto."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:N/I:P/A:N","baseScore":4.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"support@hackerone.com","type":"Secondary","description":[{"lang":"en","value":"CWE-285"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-862"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:zulip:zulip_server:1.3.0:*:*:*:*:*:*:*","matchCriteriaId":"03ECA4CD-B128-45EA-8A19-5F137BD08690"},{"vulnerable":true,"criteria":"cpe:2.3:a:zulip:zulip_server:1.3.1:*:*:*:*:*:*:*","matchCriteriaId":"0609969D-7C68-4428-A2F3-EA532F6C4045"},{"vulnerable":true,"criteria":"cpe:2.3:a:zulip:zulip_server:1.3.2:*:*:*:*:*:*:*","matchCriteriaId":"6141BC81-A452-44F0-9A61-B82772D406FF"},{"vulnerable":true,"criteria":"cpe:2.3:a:zulip:zulip_server:1.3.3:*:*:*:*:*:*:*","matchCriteriaId":"F3662F33-CC19-46AE-902F-2A685030FDE3"},{"vulnerable":true,"criteria":"cpe:2.3:a:zulip:zulip_server:1.3.4:*:*:*:*:*:*:*","matchCriteriaId":"7A20311C-FC51-4ED5-BCBC-955543FD1AF5"},{"vulnerable":true,"criteria":"cpe:2.3:a:zulip:zulip_server:1.3.6:*:*:*:*:*:*:*","matchCriteriaId":"B4CC0654-4F8C-4D1B-B06F-035368E7B120"},{"vulnerable":true,"criteria":"cpe:2.3:a:zulip:zulip_server:1.3.7:*:*:*:*:*:*:*","matchCriteriaId":"13048A35-82DA-45AF-BB3C-AEBD1A80734B"},{"vulnerable":true,"criteria":"cpe:2.3:a:zulip:zulip_server:1.3.8:*:*:*:*:*:*:*","matchCriteriaId":"BE689D6F-F774-41AF-B97A-23973E22C9C9"},{"vulnerable":true,"criteria":"cpe:2.3:a:zulip:zulip_server:1.3.9:*:*:*:*:*:*:*","matchCriteriaId":"7C300421-CBDE-4DC2-A41E-38AFDD498725"},{"vulnerable":true,"criteria":"cpe:2.3:a:zulip:zulip_server:1.3.10:*:*:*:*:*:*:*","matchCriteriaId":"08DE09CC-3869-4686-A36D-F42788FC7118"},{"vulnerable":true,"criteria":"cpe:2.3:a:zulip:zulip_server:1.3.11:*:*:*:*:*:*:*","matchCriteriaId":"8A6AAE8C-F5E6-4A9C-9AF1-0D03EB9A7E97"},{"vulnerable":true,"criteria":"cpe:2.3:a:zulip:zulip_server:1.3.12:*:*:*:*:*:*:*","matchCriteriaId":"612DA887-F6BC-45F8-B187-AE23CF2F1027"},{"vulnerable":true,"criteria":"cpe:2.3:a:zulip:zulip_server:1.3.13:*:*:*:*:*:*:*","matchCriteriaId":"A21AE1B1-5A7E-447A-9301-1AD965F04833"},{"vulnerable":true,"criteria":"cpe:2.3:a:zulip:zulip_server:1.4.0:*:*:*:*:*:*:*","matchCriteriaId":"034098C9-DCC3-46CC-9534-811F28F4493D"},{"vulnerable":true,"criteria":"cpe:2.3:a:zulip:zulip_server:1.4.1:*:*:*:*:*:*:*","matchCriteriaId":"EA56546E-7E0A-49EB-967A-7219C907BE50"},{"vulnerable":true,"criteria":"cpe:2.3:a:zulip:zulip_server:1.4.2:*:*:*:*:*:*:*","matchCriteriaId":"2CF03C39-6873-4044-96B8-760156D7B1BE"},{"vulnerable":true,"criteria":"cpe:2.3:a:zulip:zulip_server:1.4.3:*:*:*:*:*:*:*","matchCriteriaId":"A0167E36-42E4-4DA5-96FB-CFF0EC8FDA38"},{"vulnerable":true,"criteria":"cpe:2.3:a:zulip:zulip_server:1.5.0:*:*:*:*:*:*:*","matchCriteriaId":"3914FE1E-E734-4B4A-8266-25FB5C32800D"},{"vulnerable":true,"criteria":"cpe:2.3:a:zulip:zulip_server:1.5.1:*:*:*:*:*:*:*","matchCriteriaId":"B25BEDD5-B562-4A2E-8284-07A47CB1F6D3"}]}]}],"references":[{"url":"https://github.com/zulip/zulip/commit/1f48fa27672170bba3b9a97384905bb04c18761b","source":"support@hackerone.com","tags":["Issue Tracking","Patch"]},{"url":"https://groups.google.com/forum/#%21msg/zulip-announce/sUYeJv-fFmg/2TU2TLmNAwAJ","source":"support@hackerone.com"},{"url":"https://hackerone.com/reports/224210","source":"support@hackerone.com","tags":["Permissions Required"]},{"url":"https://github.com/zulip/zulip/commit/1f48fa27672170bba3b9a97384905bb04c18761b","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Patch"]},{"url":"https://groups.google.com/forum/#%21msg/zulip-announce/sUYeJv-fFmg/2TU2TLmNAwAJ","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://hackerone.com/reports/224210","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Permissions Required"]}]}}]}