CVE-2022-24751 - OpenCVE

Zulip is an open source group chat application. Starting with version 4.0 and prior to version 4.11, Zulip is vulnerable to a race condition during account deactivation, where a simultaneous access by the user being deactivated may, in rare cases, allow continued access by the deactivated user. A patch is available in version 4.11 on the 4.x branch and version 5.0-rc1 on the 5.x branch. Upgrading to a fixed version will, as a side effect, deactivate any cached sessions that may have been leaked through this bug. There are currently no known workarounds.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact None

AV:N/AC:M/Au:N/C:P/I:P/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Zulip	Zulip

Configuration 1 [-]

cpe:2.3:a:zulip:zulip:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://github.com/zulip/zulip/commit/62ba8e455d8f460001d9fb486a6dabfd1ed67717
https://github.com/zulip/zulip/commit/e6eace307ef435eec3395c99247155efed9219e4
https://github.com/zulip/zulip/security/advisories/GHSA-6v98-m5x5-phqj

History

No history.

MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2022-03-16T13:30:15

Updated: 2024-08-03T04:20:50.479Z

Reserved: 2022-02-10T00:00:00

Link: CVE-2022-24751

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2022-03-16T14:15:08.487

Modified: 2022-03-22T15:25:06.063

Link: CVE-2022-24751

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "zulip", "vendor": "zulip", "versions": [{"status": "affected", "version": ">= 4.0, < 4.11"}]}], "descriptions": [{"lang": "en", "value": "Zulip is an open source group chat application. Starting with version 4.0 and prior to version 4.11, Zulip is vulnerable to a race condition during account deactivation, where a simultaneous access by the user being deactivated may, in rare cases, allow continued access by the deactivated user. A patch is available in version 4.11 on the 4.x branch and version 5.0-rc1 on the 5.x branch. Upgrading to a fixed version will, as a side effect, deactivate any cached sessions that may have been leaked through this bug. There are currently no known workarounds."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-362", "description": "CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-03-16T13:30:15", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/zulip/zulip/security/advisories/GHSA-6v98-m5x5-phqj"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/zulip/zulip/commit/62ba8e455d8f460001d9fb486a6dabfd1ed67717"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/zulip/zulip/commit/e6eace307ef435eec3395c99247155efed9219e4"}], "source": {"advisory": "GHSA-6v98-m5x5-phqj", "discovery": "UNKNOWN"}, "title": "Race condition in Zulip", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security-advisories@github.com", "ID": "CVE-2022-24751", "STATE": "PUBLIC", "TITLE": "Race condition in Zulip"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "zulip", "version": {"version_data": [{"version_value": ">= 4.0, < 4.11"}]}}]}, "vendor_name": "zulip"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Zulip is an open source group chat application. Starting with version 4.0 and prior to version 4.11, Zulip is vulnerable to a race condition during account deactivation, where a simultaneous access by the user being deactivated may, in rare cases, allow continued access by the deactivated user. A patch is available in version 4.11 on the 4.x branch and version 5.0-rc1 on the 5.x branch. Upgrading to a fixed version will, as a side effect, deactivate any cached sessions that may have been leaked through this bug. There are currently no known workarounds."}]}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')"}]}]}, "references": {"reference_data": [{"name": "https://github.com/zulip/zulip/security/advisories/GHSA-6v98-m5x5-phqj", "refsource": "CONFIRM", "url": "https://github.com/zulip/zulip/security/advisories/GHSA-6v98-m5x5-phqj"}, {"name": "https://github.com/zulip/zulip/commit/62ba8e455d8f460001d9fb486a6dabfd1ed67717", "refsource": "MISC", "url": "https://github.com/zulip/zulip/commit/62ba8e455d8f460001d9fb486a6dabfd1ed67717"}, {"name": "https://github.com/zulip/zulip/commit/e6eace307ef435eec3395c99247155efed9219e4", "refsource": "MISC", "url": "https://github.com/zulip/zulip/commit/e6eace307ef435eec3395c99247155efed9219e4"}]}, "source": {"advisory": "GHSA-6v98-m5x5-phqj", "discovery": "UNKNOWN"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T04:20:50.479Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/zulip/zulip/security/advisories/GHSA-6v98-m5x5-phqj"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/zulip/zulip/commit/62ba8e455d8f460001d9fb486a6dabfd1ed67717"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/zulip/zulip/commit/e6eace307ef435eec3395c99247155efed9219e4"}]}]}, "cveMetadata": {"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2022-24751", "datePublished": "2022-03-16T13:30:15", "dateReserved": "2022-02-10T00:00:00", "dateUpdated": "2024-08-03T04:20:50.479Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:zulip:zulip:*:*:*:*:*:*:*:*", "matchCriteriaId": "011572BD-FA58-42D2-AC46-1503D66E31D3", "versionEndExcluding": "4.11", "versionStartIncluding": "4.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Zulip is an open source group chat application. Starting with version 4.0 and prior to version 4.11, Zulip is vulnerable to a race condition during account deactivation, where a simultaneous access by the user being deactivated may, in rare cases, allow continued access by the deactivated user. A patch is available in version 4.11 on the 4.x branch and version 5.0-rc1 on the 5.x branch. Upgrading to a fixed version will, as a side effect, deactivate any cached sessions that may have been leaked through this bug. There are currently no known workarounds."}, {"lang": "es", "value": "Zulip es una aplicaci\u00f3n de chat de grupo de c\u00f3digo abierto. A partir de la versi\u00f3n 4.0 y versiones anteriores a 4.11, Zulip es vulnerable a una condici\u00f3n de carrera durante la deshabilitaci\u00f3n de la cuenta, donde un acceso simult\u00e1neo por parte del usuario que est\u00e1 siendo deshabilitado puede, en raros casos, permitir el acceso continuo por parte del usuario deshabilitado. Se presenta un parche disponible en versi\u00f3n 4.11 en la rama 4.x y en versi\u00f3n 5.0-rc1 en la rama 5.x. Una actualizaci\u00f3n a una versi\u00f3n corregida deshabilitar\u00e1, como efecto secundario, cualquier sesi\u00f3n en cach\u00e9 que pueda haberse filtrado mediante este bug. Actualmente no se presentan medidas de mitigaci\u00f3n conocidas"}], "id": "CVE-2022-24751", "lastModified": "2022-03-22T15:25:06.063", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.5, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2022-03-16T14:15:08.487", "references": [{"source": "security-advisories@github.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/zulip/zulip/commit/62ba8e455d8f460001d9fb486a6dabfd1ed67717"}, {"source": "security-advisories@github.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/zulip/zulip/commit/e6eace307ef435eec3395c99247155efed9219e4"}, {"source": "security-advisories@github.com", "tags": ["Third Party Advisory"], "url": "https://github.com/zulip/zulip/security/advisories/GHSA-6v98-m5x5-phqj"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-362"}], "source": "security-advisories@github.com", "type": "Primary"}]}