CVE-2023-33186 (GCVE-0-2023-33186)

Vulnerability from cvelistv5 – Published: 2023-05-30 05:31 – Updated: 2025-01-10 19:47
VLAI?
Summary
Zulip is an open-source team collaboration tool with unique topic-based threading that combines the best of email and chat to make remote work productive and delightful. The main development branch of Zulip Server from May 2, 2023 and later, including beta versions 7.0-beta1 and 7.0-beta2, is vulnerable to a cross-site scripting vulnerability in tooltips on the message feed. An attacker who can send messages could maliciously craft a topic for the message, such that a victim who hovers the tooltip for that topic in their message feed triggers execution of JavaScript code controlled by the attacker.
Severity ?
8.2 (High)
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:L
CWE
  • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
Impacted products
Vendor Product Version
zulip zulip Affected: >= 7.0-beta1, < 7.0-beta3
Create a notification for this product.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T15:39:35.439Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "https://github.com/zulip/zulip/security/advisories/GHSA-4r83-8f94-hrph",
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/zulip/zulip/security/advisories/GHSA-4r83-8f94-hrph"
          },
          {
            "name": "https://github.com/zulip/zulip/pull/25370",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/zulip/zulip/pull/25370"
          },
          {
            "name": "https://github.com/zulip/zulip/commit/03cfb3d9fe61c975d133121ec31a7357f0c9e18f",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/zulip/zulip/commit/03cfb3d9fe61c975d133121ec31a7357f0c9e18f"
          },
          {
            "name": "https://github.com/zulip/zulip/commit/3ca131743b00f42bad8edbac4ef92656d954c629",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/zulip/zulip/commit/3ca131743b00f42bad8edbac4ef92656d954c629"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-33186",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-01-10T19:47:31.000951Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-01-10T19:47:40.529Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "zulip",
          "vendor": "zulip",
          "versions": [
            {
              "status": "affected",
              "version": "\u003e= 7.0-beta1, \u003c 7.0-beta3"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Zulip is an open-source team collaboration tool with unique topic-based threading that combines the best of email and chat to make remote work productive and delightful. The main development branch of Zulip Server from May 2, 2023 and later, including beta versions 7.0-beta1 and 7.0-beta2, is vulnerable to a cross-site scripting vulnerability in tooltips on the message feed. An attacker who can send messages could maliciously craft a topic for the message, such that a victim who hovers the tooltip for that topic in their message feed triggers execution of JavaScript code controlled by the attacker."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 8.2,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:L",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-79",
              "description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-11-06T18:12:18.600Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/zulip/zulip/security/advisories/GHSA-4r83-8f94-hrph",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/zulip/zulip/security/advisories/GHSA-4r83-8f94-hrph"
        },
        {
          "name": "https://github.com/zulip/zulip/pull/25370",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/zulip/zulip/pull/25370"
        },
        {
          "name": "https://github.com/zulip/zulip/commit/03cfb3d9fe61c975d133121ec31a7357f0c9e18f",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/zulip/zulip/commit/03cfb3d9fe61c975d133121ec31a7357f0c9e18f"
        },
        {
          "name": "https://github.com/zulip/zulip/commit/3ca131743b00f42bad8edbac4ef92656d954c629",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/zulip/zulip/commit/3ca131743b00f42bad8edbac4ef92656d954c629"
        }
      ],
      "source": {
        "advisory": "GHSA-4r83-8f94-hrph",
        "discovery": "UNKNOWN"
      },
      "title": "Cross-site scripting vulnerability in Zulip Server development branch via topic tooltip"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2023-33186",
    "datePublished": "2023-05-30T05:31:37.279Z",
    "dateReserved": "2023-05-17T22:25:50.697Z",
    "dateUpdated": "2025-01-10T19:47:40.529Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zulip:zulip_server:7.0:beta1:*:*:*:*:*:*\", \"matchCriteriaId\": \"E449504D-DB1E-4244-A98D-85AC698B4A6A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zulip:zulip_server:7.0:beta2:*:*:*:*:*:*\", \"matchCriteriaId\": \"4571E1B8-F9D4-4F6F-B7F2-07A1FE57A8E5\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Zulip is an open-source team collaboration tool with unique topic-based threading that combines the best of email and chat to make remote work productive and delightful. The main development branch of Zulip Server from May 2, 2023 and later, including beta versions 7.0-beta1 and 7.0-beta2, is vulnerable to a cross-site scripting vulnerability in tooltips on the message feed. An attacker who can send messages could maliciously craft a topic for the message, such that a victim who hovers the tooltip for that topic in their message feed triggers execution of JavaScript code controlled by the attacker.\"}]",
      "id": "CVE-2023-33186",
      "lastModified": "2024-11-21T08:05:04.660",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"security-advisories@github.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:L\", \"baseScore\": 8.2, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"REQUIRED\", \"scope\": \"CHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"LOW\", \"availabilityImpact\": \"LOW\"}, \"exploitabilityScore\": 2.3, \"impactScore\": 5.3}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N\", \"baseScore\": 6.1, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"scope\": \"CHANGED\", \"confidentialityImpact\": \"LOW\", \"integrityImpact\": \"LOW\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 2.7}]}",
      "published": "2023-05-30T06:16:36.237",
      "references": "[{\"url\": \"https://github.com/zulip/zulip/commit/03cfb3d9fe61c975d133121ec31a7357f0c9e18f\", \"source\": \"security-advisories@github.com\"}, {\"url\": \"https://github.com/zulip/zulip/commit/3ca131743b00f42bad8edbac4ef92656d954c629\", \"source\": \"security-advisories@github.com\", \"tags\": [\"Patch\"]}, {\"url\": \"https://github.com/zulip/zulip/pull/25370\", \"source\": \"security-advisories@github.com\", \"tags\": [\"Issue Tracking\", \"Patch\"]}, {\"url\": \"https://github.com/zulip/zulip/security/advisories/GHSA-4r83-8f94-hrph\", \"source\": \"security-advisories@github.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://github.com/zulip/zulip/commit/03cfb3d9fe61c975d133121ec31a7357f0c9e18f\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://github.com/zulip/zulip/commit/3ca131743b00f42bad8edbac4ef92656d954c629\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\"]}, {\"url\": \"https://github.com/zulip/zulip/pull/25370\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Issue Tracking\", \"Patch\"]}, {\"url\": \"https://github.com/zulip/zulip/security/advisories/GHSA-4r83-8f94-hrph\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
      "sourceIdentifier": "security-advisories@github.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"security-advisories@github.com\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-79\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-79\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2023-33186\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2023-05-30T06:16:36.237\",\"lastModified\":\"2024-11-21T08:05:04.660\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Zulip is an open-source team collaboration tool with unique topic-based threading that combines the best of email and chat to make remote work productive and delightful. The main development branch of Zulip Server from May 2, 2023 and later, including beta versions 7.0-beta1 and 7.0-beta2, is vulnerable to a cross-site scripting vulnerability in tooltips on the message feed. An attacker who can send messages could maliciously craft a topic for the message, such that a victim who hovers the tooltip for that topic in their message feed triggers execution of JavaScript code controlled by the attacker.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:L\",\"baseScore\":8.2,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"REQUIRED\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"LOW\"},\"exploitabilityScore\":2.3,\"impactScore\":5.3},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N\",\"baseScore\":6.1,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":2.7}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-79\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-79\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zulip:zulip_server:7.0:beta1:*:*:*:*:*:*\",\"matchCriteriaId\":\"E449504D-DB1E-4244-A98D-85AC698B4A6A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zulip:zulip_server:7.0:beta2:*:*:*:*:*:*\",\"matchCriteriaId\":\"4571E1B8-F9D4-4F6F-B7F2-07A1FE57A8E5\"}]}]}],\"references\":[{\"url\":\"https://github.com/zulip/zulip/commit/03cfb3d9fe61c975d133121ec31a7357f0c9e18f\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://github.com/zulip/zulip/commit/3ca131743b00f42bad8edbac4ef92656d954c629\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/zulip/zulip/pull/25370\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Issue Tracking\",\"Patch\"]},{\"url\":\"https://github.com/zulip/zulip/security/advisories/GHSA-4r83-8f94-hrph\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://github.com/zulip/zulip/commit/03cfb3d9fe61c975d133121ec31a7357f0c9e18f\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://github.com/zulip/zulip/commit/3ca131743b00f42bad8edbac4ef92656d954c629\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/zulip/zulip/pull/25370\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Patch\"]},{\"url\":\"https://github.com/zulip/zulip/security/advisories/GHSA-4r83-8f94-hrph\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://github.com/zulip/zulip/security/advisories/GHSA-4r83-8f94-hrph\", \"name\": \"https://github.com/zulip/zulip/security/advisories/GHSA-4r83-8f94-hrph\", \"tags\": [\"x_refsource_CONFIRM\", \"x_transferred\"]}, {\"url\": \"https://github.com/zulip/zulip/pull/25370\", \"name\": \"https://github.com/zulip/zulip/pull/25370\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"https://github.com/zulip/zulip/commit/03cfb3d9fe61c975d133121ec31a7357f0c9e18f\", \"name\": \"https://github.com/zulip/zulip/commit/03cfb3d9fe61c975d133121ec31a7357f0c9e18f\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"https://github.com/zulip/zulip/commit/3ca131743b00f42bad8edbac4ef92656d954c629\", \"name\": \"https://github.com/zulip/zulip/commit/3ca131743b00f42bad8edbac4ef92656d954c629\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-02T15:39:35.439Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2023-33186\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-01-10T19:47:31.000951Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-01-10T19:47:26.879Z\"}}], \"cna\": {\"title\": \"Cross-site scripting vulnerability in Zulip Server development branch via topic tooltip\", \"source\": {\"advisory\": \"GHSA-4r83-8f94-hrph\", \"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"cvssV3_1\": {\"scope\": \"CHANGED\", \"version\": \"3.1\", \"baseScore\": 8.2, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:L\", \"integrityImpact\": \"LOW\", \"userInteraction\": \"REQUIRED\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"LOW\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"HIGH\"}}], \"affected\": [{\"vendor\": \"zulip\", \"product\": \"zulip\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003e= 7.0-beta1, \u003c 7.0-beta3\"}]}], \"references\": [{\"url\": \"https://github.com/zulip/zulip/security/advisories/GHSA-4r83-8f94-hrph\", \"name\": \"https://github.com/zulip/zulip/security/advisories/GHSA-4r83-8f94-hrph\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://github.com/zulip/zulip/pull/25370\", \"name\": \"https://github.com/zulip/zulip/pull/25370\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/zulip/zulip/commit/03cfb3d9fe61c975d133121ec31a7357f0c9e18f\", \"name\": \"https://github.com/zulip/zulip/commit/03cfb3d9fe61c975d133121ec31a7357f0c9e18f\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/zulip/zulip/commit/3ca131743b00f42bad8edbac4ef92656d954c629\", \"name\": \"https://github.com/zulip/zulip/commit/3ca131743b00f42bad8edbac4ef92656d954c629\", \"tags\": [\"x_refsource_MISC\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Zulip is an open-source team collaboration tool with unique topic-based threading that combines the best of email and chat to make remote work productive and delightful. The main development branch of Zulip Server from May 2, 2023 and later, including beta versions 7.0-beta1 and 7.0-beta2, is vulnerable to a cross-site scripting vulnerability in tooltips on the message feed. An attacker who can send messages could maliciously craft a topic for the message, such that a victim who hovers the tooltip for that topic in their message feed triggers execution of JavaScript code controlled by the attacker.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-79\", \"description\": \"CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2023-11-06T18:12:18.600Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2023-33186\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-01-10T19:47:40.529Z\", \"dateReserved\": \"2023-05-17T22:25:50.697Z\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"datePublished\": \"2023-05-30T05:31:37.279Z\", \"assignerShortName\": \"GitHub_M\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.