FKIE_CVE-2022-31168

Vulnerability from fkie_nvd - Published: 2022-07-22 13:15 - Updated: 2024-11-21 07:04
Severity ?
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
Zulip is an open source team chat tool. Due to an incorrect authorization check in Zulip Server 5.4 and earlier, a member of an organization could craft an API call that grants organization administrator privileges to one of their bots. The vulnerability is fixed in Zulip Server 5.5. Members who don’t own any bots, and lack permission to create them, can’t exploit the vulnerability. As a workaround for the vulnerability, an organization administrator can restrict the `Who can create bots` permission to administrators only, and change the ownership of existing bots.
References
security-advisories@github.comhttps://github.com/zulip/zulip/commit/751b2a03e565e9eb02ffe923b7c24ac73d604034Patch, Third Party Advisory
security-advisories@github.comhttps://github.com/zulip/zulip/releases/tag/5.5Release Notes, Third Party Advisory
security-advisories@github.comhttps://github.com/zulip/zulip/security/advisories/GHSA-c3cp-ggg5-9xw5Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://github.com/zulip/zulip/commit/751b2a03e565e9eb02ffe923b7c24ac73d604034Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://github.com/zulip/zulip/releases/tag/5.5Release Notes, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://github.com/zulip/zulip/security/advisories/GHSA-c3cp-ggg5-9xw5Third Party Advisory
Impacted products
Vendor Product Version
zulip zulip *
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:zulip:zulip:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "524C7064-D386-4FB6-AB29-54123411EB07",
              "versionEndExcluding": "5.5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Zulip is an open source team chat tool. Due to an incorrect authorization check in Zulip Server 5.4 and earlier, a member of an organization could craft an API call that grants organization administrator privileges to one of their bots. The vulnerability is fixed in Zulip Server 5.5. Members who don\u2019t own any bots, and lack permission to create them, can\u2019t exploit the vulnerability. As a workaround for the vulnerability, an organization administrator can restrict the `Who can create bots` permission to administrators only, and change the ownership of existing bots."
    },
    {
      "lang": "es",
      "value": "Zulip es una herramienta de chat de equipo de c\u00f3digo abierto. Debido a una comprobaci\u00f3n de autorizaci\u00f3n incorrecta en Zulip Server versiones 5.4 y anteriores, un miembro de una organizaci\u00f3n podr\u00eda dise\u00f1ar una llamada a la API que conceda privilegios de administrador de la organizaci\u00f3n a uno de sus bots. La vulnerabilidad ha sido corregida en Zulip Server versi\u00f3n 5.5. Los miembros que no posean ning\u00fan bot, y carezcan de permiso para crearlos, no pueden explotar la vulnerabilidad. Como mitigaci\u00f3n a la vulnerabilidad, un administrador de la organizaci\u00f3n puede restringir el permiso \"Who can create bots\" a administradores solamente, y cambiar la propiedad de los bots existentes"
    }
  ],
  "id": "CVE-2022-31168",
  "lastModified": "2024-11-21T07:04:02.643",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.5,
        "source": "security-advisories@github.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2022-07-22T13:15:08.540",
  "references": [
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/zulip/zulip/commit/751b2a03e565e9eb02ffe923b7c24ac73d604034"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Release Notes",
        "Third Party Advisory"
      ],
      "url": "https://github.com/zulip/zulip/releases/tag/5.5"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://github.com/zulip/zulip/security/advisories/GHSA-c3cp-ggg5-9xw5"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/zulip/zulip/commit/751b2a03e565e9eb02ffe923b7c24ac73d604034"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Release Notes",
        "Third Party Advisory"
      ],
      "url": "https://github.com/zulip/zulip/releases/tag/5.5"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://github.com/zulip/zulip/security/advisories/GHSA-c3cp-ggg5-9xw5"
    }
  ],
  "sourceIdentifier": "security-advisories@github.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-285"
        },
        {
          "lang": "en",
          "value": "CWE-863"
        }
      ],
      "source": "security-advisories@github.com",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.