{"uuid": "4ceaca06-2d97-4d6b-99df-dc14366e48ac", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "GHSA-5XG8-XHFJ-4HM6", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/2024", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-56136\n\ud83d\udd39 Description: Zulip server provides an open-source team chat that helps teams stay productive and focused. Zulip Server 7.0 and above are vulnerable to an information disclose attack, where, if a Zulip server is hosting multiple organizations, an unauthenticated user can make a request and determine if an email address is in use by a user. Zulip Server 9.4 resolves the issue, as does the `main` branch of Zulip Server. Users are advised to upgrade. There are no known workarounds for this issue.\n\ud83d\udccf Published: 2025-01-16T19:25:33.261Z\n\ud83d\udccf Modified: 2025-01-16T19:25:33.261Z\n\ud83d\udd17 References:\n1. https://github.com/zulip/zulip/security/advisories/GHSA-5xg8-xhfj-4hm6\n2. https://github.com/zulip/zulip/commit/c6334a765b1e6d71760e4a3b32ae5b8367f2ed4d", "creation_timestamp": "2025-01-16T19:56:09.000000Z"}