{"containers": {"cna": {"affected": [{"product": "zulip", "vendor": "zulip", "versions": [{"status": "affected", "version": "< 5.6"}]}], "descriptions": [{"lang": "en", "value": "Zulip is an open-source team collaboration tool with topic-based threading that combines email and chat. When displaying messages with embedded remote images, Zulip normally loads the image preview via a go-camo proxy server. However, an attacker who can send messages could include a crafted URL that tricks the server into embedding a remote image reference directly. This could allow the attacker to infer the viewer\u2019s IP address and browser fingerprinting information. This vulnerability is fixed in Zulip Server 5.6. Zulip organizations with image and link previews [disabled](https://zulip.com/help/allow-image-link-previews) are not affected."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-436", "description": "CWE-436: Interpretation Conflict", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-08-31T19:15:11.000Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/zulip/zulip/security/advisories/GHSA-vg5m-mf9x-j452"}], "source": {"advisory": "GHSA-vg5m-mf9x-j452", "discovery": "UNKNOWN"}, "title": "IP address leak via image proxy bypass in Zulip Server", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security-advisories@github.com", "ID": "CVE-2022-36048", "STATE": "PUBLIC", "TITLE": "IP address leak via image proxy bypass in Zulip Server"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "zulip", "version": {"version_data": [{"version_value": "< 5.6"}]}}]}, "vendor_name": "zulip"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Zulip is an open-source team collaboration tool with topic-based threading that combines email and chat. When displaying messages with embedded remote images, Zulip normally loads the image preview via a go-camo proxy server. However, an attacker who can send messages could include a crafted URL that tricks the server into embedding a remote image reference directly. This could allow the attacker to infer the viewer\u2019s IP address and browser fingerprinting information. This vulnerability is fixed in Zulip Server 5.6. Zulip organizations with image and link previews [disabled](https://zulip.com/help/allow-image-link-previews) are not affected."}]}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-436: Interpretation Conflict"}]}]}, "references": {"reference_data": [{"name": "https://github.com/zulip/zulip/security/advisories/GHSA-vg5m-mf9x-j452", "refsource": "CONFIRM", "url": "https://github.com/zulip/zulip/security/advisories/GHSA-vg5m-mf9x-j452"}]}, "source": {"advisory": "GHSA-vg5m-mf9x-j452", "discovery": "UNKNOWN"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T09:52:00.508Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/zulip/zulip/security/advisories/GHSA-vg5m-mf9x-j452"}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-04-23T14:01:47.169435Z", "id": "CVE-2022-36048", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-23T17:46:52.591Z"}}]}, "cveMetadata": {"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2022-36048", "datePublished": "2022-08-31T19:15:11.000Z", "dateReserved": "2022-07-15T00:00:00.000Z", "dateUpdated": "2025-04-23T17:46:52.591Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://github.com/zulip/zulip/security/advisories/GHSA-vg5m-mf9x-j452", "tags": ["x_refsource_CONFIRM", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T09:52:00.508Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2022-36048", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-04-23T14:01:47.169435Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-23T14:01:49.099Z"}}], "cna": {"title": "IP address leak via image proxy bypass in Zulip Server", "source": {"advisory": "GHSA-vg5m-mf9x-j452", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}}], "affected": [{"vendor": "zulip", "product": "zulip", "versions": [{"status": "affected", "version": "< 5.6"}]}], "references": [{"url": "https://github.com/zulip/zulip/security/advisories/GHSA-vg5m-mf9x-j452", "tags": ["x_refsource_CONFIRM"]}], "descriptions": [{"lang": "en", "value": "Zulip is an open-source team collaboration tool with topic-based threading that combines email and chat. When displaying messages with embedded remote images, Zulip normally loads the image preview via a go-camo proxy server. However, an attacker who can send messages could include a crafted URL that tricks the server into embedding a remote image reference directly. This could allow the attacker to infer the viewer\u2019s IP address and browser fingerprinting information. This vulnerability is fixed in Zulip Server 5.6. Zulip organizations with image and link previews [disabled](https://zulip.com/help/allow-image-link-previews) are not affected."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-436", "description": "CWE-436: Interpretation Conflict"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2022-08-31T19:15:11.000Z"}, "x_legacyV4Record": {"impact": {"cvss": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}}, "source": {"advisory": "GHSA-vg5m-mf9x-j452", "discovery": "UNKNOWN"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"version": {"version_data": [{"version_value": "< 5.6"}]}, "product_name": "zulip"}]}, "vendor_name": "zulip"}]}}, "data_type": "CVE", "references": {"reference_data": [{"url": "https://github.com/zulip/zulip/security/advisories/GHSA-vg5m-mf9x-j452", "name": "https://github.com/zulip/zulip/security/advisories/GHSA-vg5m-mf9x-j452", "refsource": "CONFIRM"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "eng", "value": "Zulip is an open-source team collaboration tool with topic-based threading that combines email and chat. When displaying messages with embedded remote images, Zulip normally loads the image preview via a go-camo proxy server. However, an attacker who can send messages could include a crafted URL that tricks the server into embedding a remote image reference directly. This could allow the attacker to infer the viewer\u2019s IP address and browser fingerprinting information. This vulnerability is fixed in Zulip Server 5.6. Zulip organizations with image and link previews [disabled](https://zulip.com/help/allow-image-link-previews) are not affected."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-436: Interpretation Conflict"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2022-36048", "STATE": "PUBLIC", "TITLE": "IP address leak via image proxy bypass in Zulip Server", "ASSIGNER": "security-advisories@github.com"}}}}, "cveMetadata": {"cveId": "CVE-2022-36048", "state": "PUBLISHED", "dateUpdated": "2025-04-23T17:46:52.591Z", "dateReserved": "2022-07-15T00:00:00.000Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2022-08-31T19:15:11.000Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:zulip:zulip:*:*:*:*:*:*:*:*", "matchCriteriaId": "22D5894B-5893-44F5-AFF3-8DCB4D476E53", "versionEndExcluding": "5.6", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Zulip is an open-source team collaboration tool with topic-based threading that combines email and chat. When displaying messages with embedded remote images, Zulip normally loads the image preview via a go-camo proxy server. However, an attacker who can send messages could include a crafted URL that tricks the server into embedding a remote image reference directly. This could allow the attacker to infer the viewer\u2019s IP address and browser fingerprinting information. This vulnerability is fixed in Zulip Server 5.6. Zulip organizations with image and link previews [disabled](https://zulip.com/help/allow-image-link-previews) are not affected."}, {"lang": "es", "value": "Zulip es una herramienta de colaboraci\u00f3n en equipo de c\u00f3digo abierto con hilos basados en temas que combinan el correo electr\u00f3nico y el chat. Cuando muestra mensajes con im\u00e1genes remotas insertadas, Zulip normalmente carga la vista previa de la imagen por medio de un servidor proxy go-camo. Sin embargo, un atacante que pueda enviar mensajes podr\u00eda incluir una URL dise\u00f1ada que enga\u00f1e al servidor para que inserte una referencia de imagen remota directamente. Esto podr\u00eda permitir al atacante inferir la direcci\u00f3n IP del espectador y la informaci\u00f3n de las huellas del navegador. Esta vulnerabilidad ha sido corregido en Zulip Server versi\u00f3n 5.6. Las organizaciones de Zulip con vistas previas de im\u00e1genes y enlaces [deshabilitadas] (https://zulip.com/help/allow-image-link-previews) no est\u00e1n afectadas"}], "id": "CVE-2022-36048", "lastModified": "2024-11-21T07:12:15.960", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "security-advisories@github.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-08-31T20:15:08.813", "references": [{"source": "security-advisories@github.com", "tags": ["Third Party Advisory"], "url": "https://github.com/zulip/zulip/security/advisories/GHSA-vg5m-mf9x-j452"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://github.com/zulip/zulip/security/advisories/GHSA-vg5m-mf9x-j452"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-436"}], "source": "security-advisories@github.com", "type": "Secondary"}]}

{}