osv Google OSV:GO-2024-2637
History: Jun 05, 2024 - 3:10 p.m.

Account Takeover via Session Fixation in Zitadel [Bypassing MFA] in github.com/zitadel/zitadel

2024-06-05 15:10:52
Google
osv.dev
account takeover
zitadel
session fixation
multi-factor authentication
github

CVSS3: 7.5 High

Attack Vector: ADJACENT
Attack Complexity: HIGH
Privileges Required: NONE
User Interaction: REQUIRED
Scope: CHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: NONE

CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N

EPSS: 0.0004 Low
Percentile: 9.0%
