CVE-2022-35962
Last modified
CVE-2022-35962 is a medium-severity vulnerability rated 5.7/10 on the CVSS scale. Zulip is an open source team chat and Zulip Mobile is an app for iOS and Android users. In Zulip Mobile through version 27.189, a crafted link in a message sent by an authenticated user could lead to credential disclosure if a user follows the link. EPSS estimates a 0.86% chance of exploitation in the next 30 days.
Description
Zulip is an open source team chat and Zulip Mobile is an app for iOS and Android users. In Zulip Mobile through version 27.189, a crafted link in a message sent by an authenticated user could lead to credential disclosure if a user follows the link. A patch was released in version 27.190.
Metrics
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Zulip | Zulip | < 27.190 |
References
- https://blog.zulip.com/2022/08/24/zulip-server-5-6-security-release/ (Release Notes, Vendor Advisory)
- https://github.com/zulip/zulip-mobile/releases/tag/v27.190 (Third Party Advisory)
- https://github.com/zulip/zulip-mobile/security/advisories/GHSA-4gj2-j32x-4wg5 (Third Party Advisory)
Timeline
- Published
- Last Modified
- Status
- Modified
Source: NVD / NIST
