An error in the implementation of an autosubscribe feature in the check_stream_exists route of the Zulip group chat application server before 1.4.3 allowed an authenticated user to subscribe to a private stream that should have required an invitation from an existing member to join. The issue affects all previously released versions of the Zulip server.
[
{
"product": "Zulip Server Versions 1.4.2 and below",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Zulip Server Versions 1.4.2 and below"
}
]
}
]