Attacker Value
Unknown
(0 users assessed)
Exploitability
Unknown
(0 users assessed)
User Interaction
Required
Privileges Required
Low
Attack Vector
Network
0

CVE-2023-22735

Disclosure Date: February 07, 2023
CVE-2023-22735 CVSS v3 Base Score: 4.6
Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

Zulip is an open-source team collaboration tool. In versions of zulip prior to commit 2f6c5a8 but after commit 04cf68b users could upload files with arbitrary Content-Type which would be served from the Zulip hostname with Content-Disposition: inline and no Content-Security-Policy header, allowing them to trick other users into executing arbitrary Javascript in the context of the Zulip application. Among other things, this enables session theft. Only deployments which use the S3 storage (not the local-disk storage) are affected, and only deployments which deployed commit 04cf68b45ebb5c03247a0d6453e35ffc175d55da, which has only been in main, not any numbered release. Users affected should upgrade from main again to deploy this fix. Switching from S3 storage to the local-disk storage would nominally mitigate this, but is likely more involved than upgrading to the latest main which addresses the issue.

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

CVSS V3 Severity and Metrics
Base Score:
4.6 Medium
Impact Score:
2.5
Exploitability Score:
2.1
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
Attack Vector (AV):
Network
Attack Complexity (AC):
Low
Privileges Required (PR):
Low
User Interaction (UI):
Required
Scope (S):
Unchanged
Confidentiality (C):
Low
Integrity (I):
Low
Availability (A):
None

General Information

Offensive Application
Unknown
Utility Class
Unknown
Ports
Unknown
OS
Unknown
Vulnerable Versions
zulip >= 04cf68b, < 2f6c5a8
Prerequisites
Unknown
Discovered By
Unknown
PoC Author
Unknown
Metasploit Module
Unknown
Reporter
Unknown

Vendors

Products

Technical Analysis