An internal investigation recently uncovered a vulnerability (identified as CVE-2022-21706) in Zulip’s invitation links. Specifically, a reusable invitation link could be used to join a different organization than the one it was created for. As a result, there was a potential for users to join any organization …
