CVE-2016-4426

CVE-2016-4426

In zulip before 1.3.12, bot API keys were accessible to other users in the same realm.

Source: CVE-2016-4426