← back
CVE-2017-0881

CVE-2017-0881

EPSS 1.1%CWE-200
Vexday Risk Score
3Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS EPSS 1.1%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
28 Mar 2017Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
An error in the implementation of an autosubscribe feature in the check_stream_exists route of the Zulip group chat application server before 1.4.3 allowed an authenticated user to subscribe to a private stream that should have required an invitation from an existing member to join. The issue affects all previously released versions of the Zulip server.