Home > Vulnerability Database > CVE-2024-56136

Mend.io Vulnerability Database

CVE-2024-56136

Date: January 16, 2025

Zulip server provides an open-source team chat that helps teams stay productive and focused. Zulip Server 7.0 and above are vulnerable to an information disclose attack, where, if a Zulip server is hosting multiple organizations, an unauthenticated user can make a request and determine if an email address is in use by a user. Zulip Server 9.4 resolves the issue, as does the "main" branch of Zulip Server. Users are advised to upgrade. There are no known workarounds for this issue.

Severity Score

5.3

Related Resources (4)

Url: https://github.com/zulip/zulip/security/advisories/GHSA-5xg8-xhfj-4hm6

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-56136

Url: https://github.com/zulip/zulip/commit/c6334a765b1e6d71760e4a3b32ae5b8367f2ed4d

Url: https://www.mend.io/vulnerability-database/CVE-2024-56136

Severity Score

5.3

Weakness Type (CWE)

Exposure of Sensitive Information to an Unauthorized Actor

CWE-200

CVSS v3.1

Base Score:	5.3
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	NONE
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2024-56136

Date: January 16, 2025

Severity Score

Related Resources (4)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?