CVE-2024-28855

🗓️ 18 Mar 2024 21:46:47Reported by GitHub_MType

ZITADEL uses Go templates for login UI rendering, leading to improper input sanitization

Reporter	Title	Published	Views	Family All 12
Circl	CVE-2024-28855	18 Mar 202423:26	–	circl
CNNVD	ZITADEL Security Vulnerabilities	18 Mar 202400:00	–	cnnvd
Cvelist	CVE-2024-28855 ZITADEL vulnerable to improper HTML sanitization	18 Mar 202421:46	–	cvelist
EUVD	EUVD-2024-0935	3 Oct 202520:07	–	euvd
Github Security Blog	Improper HTML sanitization in ZITADEL	18 Mar 202420:34	–	github
NVD	CVE-2024-28855	18 Mar 202422:15	–	nvd
OSV	CVE-2024-28855 ZITADEL vulnerable to improper HTML sanitization	18 Mar 202421:46	–	osv
OSV	GHSA-HFRG-4JWR-JFPJ Improper HTML sanitization in ZITADEL	18 Mar 202420:34	–	osv
OSV	GO-2024-2655 XSS in github.com/zitadel/zitadel	27 Mar 202422:09	–	osv
RedhatCVE	CVE-2024-28855	5 Feb 202500:57	–	redhatcve

NVD

Vulners

Vulnrichment

Node

zitadel zitadelRange<2.41.15

zitadel zitadelRange2.42.0–2.42.15

zitadel zitadelRange2.43.0–2.43.9

zitadel zitadelRange2.44.0–2.44.3

zitadel zitadelRange2.47.0–2.47.4

zitadel zitadelMatch2.45.0-

zitadel zitadelMatch2.45.0rc1

zitadel zitadelMatch2.46.0-

zitadel zitadelMatch2.46.0rc1

zitadel zitadelMatch2.46.0rc2

[
  {
    "vendor": "zitadel",
    "product": "zitadel",
    "versions": [
      {
        "version": "< 2.41.15",
        "status": "affected"
      },
      {
        "version": ">= 2.42.0, < 2.42.15",
        "status": "affected"
      },
      {
        "version": ">= 2.43.0, < 2.43.9",
        "status": "affected"
      },
      {
        "version": ">= 2.44.0, < 2.44.3",
        "status": "affected"
      },
      {
        "version": "= 2.45.0",
        "status": "affected"
      },
      {
        "version": "= 2.46.0",
        "status": "affected"
      },
      {
        "version": ">= 2.47.0, < 2.47.4",
        "status": "affected"
      }
    ]
  }
]

Source	Link
github	www.github.com/zitadel/zitadel/releases/tag/v2.41.15
github	www.github.com/zitadel/zitadel/security/advisories/GHSA-hfrg-4jwr-jfpj
github	www.github.com/zitadel/zitadel/releases/tag/v2.42.15
github	www.github.com/zitadel/zitadel/releases/tag/v2.44.3
github	www.github.com/zitadel/zitadel/releases/tag/v2.46.1
github	www.github.com/zitadel/zitadel/releases/tag/v2.43.9
github	www.github.com/zitadel/zitadel/releases/tag/v2.45.1
github	www.github.com/zitadel/zitadel/releases/tag/v2.47.3

08 Jan 2025 18:14Current

8.1High risk

Vulners AI Score8.1

CVSS 3.16.1 - 8.1

EPSS0.02011

SSVC