CVE-2016-4427 Information

Description

In zulip before 1.3.12 deactivated users could access messages if SSO was enabled.

Reference

https://zulip.readthedocs.io/en/2.1.7/overview/changelog.html#id35