### [CVE-2017-0881](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0881)
![](https://img.shields.io/static/v1?label=Product&message=Zulip%20Server%20Versions%201.4.2%20and%20below&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=Zulip%20Server%20Versions%201.4.2%20and%20below%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=Information%20Exposure%20(CWE-200)&color=brightgreen)

### Description

An error in the implementation of an autosubscribe feature in the check_stream_exists route of the Zulip group chat application server before 1.4.3 allowed an authenticated user to subscribe to a private stream that should have required an invitation from an existing member to join. The issue affects all previously released versions of the Zulip server.

### POC

#### Reference
No PoCs from references.

#### Github
- https://github.com/SPV-TIFS/SPV-TIFS