How severe is CVE-2022-31134?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 4.9 out of 10.

What type of vulnerability is CVE-2022-31134?

This is classified as CWE-200, which is a common weakness in software security.

CVE-2022-31134 - MEDIUM Severity | CVSS 4.9

Vulnerability Description

Zulip is an open-source team collaboration tool. Zulip Server versions 2.1.0 above have a user interface tool, accessible only to server owners and server administrators, which provides a way to download a "public data" export. While this export is only accessible to administrators, in many configurations server administrators are not expected to have access to private messages and private streams. However, the "public data" export which administrators could generate contained the attachment contents for all attachments, even those from private messages and streams. Zulip Server version 5.4 contains a patch for this issue.

Related Vulnerabilities

CVE-2012-4382

MEDIUM

CVSS:4.9(Medium)

MediaWiki before 1.18.5, and 1.19.x before 1.19.2 does not properly protect user block metadata, which allows remote administrators to read a user block reason via a reblock attempt.

CWE-2002012

CVE-2013-0192

MEDIUM

CVSS:4.9(Medium)

File Disclosure in SMF (SimpleMachines Forum) <= 2.0.3: Forum admin can read files such as the database config.

CWE-2002013

CVE-2015-3251

MEDIUM

CVSS:4.9(Medium)

Apache CloudStack before 4.5.2 might allow remote authenticated administrators to obtain sensitive password information for root accounts of virtual machines via unspecified vectors related to API cal...

CWE-2002015

CVE-2016-0225

MEDIUM

CVSS:4.9(Medium)

IBM WebSphere Commerce 6.x through 6.0.0.11 and 7.x through 7.0.0.9 allows remote authenticated Commerce Accelerator administrators to obtain sensitive information via unspecified vectors.

CWE-2002016

CVE-2016-10740

MEDIUM

CVSS:4.9(Medium)

Various resources in Atlassian Crowd before version 2.10.1 allow remote attackers with administration rights to learn the passwords of configured LDAP directories by examining the responses to request...

CWE-2002016

CVE-2016-1497

MEDIUM

CVSS:4.9(Medium)

The Configuration utility in F5 BIG-IP systems 11.0.x, 11.1.x, 11.2.x before 11.2.1 HF16, 11.3.x, 11.4.x before 11.4.1 HF10, 11.5.x before 11.5.4 HF2, 1.6.x before 11.6.1, and 12.0.0 before HF1 allows...

CWE-2002016