CVE-2025-30368
CVE-2025-30368
Título es
CVE-2025-30368
Lun, 31/03/2025 – 17:15
Tipo
CWE-566
Gravedad 2.0 Txt
Pendiente de análisis
Título en
CVE-2025-30368
Descripción en
Zulip is an open-source team collaboration tool. The API for deleting an organization export is supposed to be restricted to organization administrators, but its handler failed to check that the field belongs to the same organization as the user. Therefore, an administrator of any organization was incorrectly allowed to delete an export of a different organization. This is fixed in Zulip Server 10.1.
31/03/2025
31/03/2025
Vector CVSS:3.1
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N
Gravedad 3.1 (CVSS 3.1 Base Score)
2.70
Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
LOW
Referencias
Enviar en el boletín
Off
