CVE

CVE-2020-14215

admin

CVE-2020-14215

Zulip Server before 2.1.5 has Incorrect Access Control because 0198_preregistrationuser_invited_as adds the administrator role to invitations.

Source: CVE-2020-14215

Exit mobile version