Lucene search

K
osvGoogleOSV:GO-2024-2788
HistoryJun 05, 2024 - 3:10 p.m.

ZITADEL's Improper Lockout Mechanism Leads to MFA Bypass in github.com/zitadel/zitadel

2024-06-0515:10:52
Google
osv.dev
zitadel
improper lockout mechanism
mfa bypass
github
software

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

0.0004 Low

EPSS

Percentile

9.0%

ZITADEL’s Improper Lockout Mechanism Leads to MFA Bypass in github.com/zitadel/zitadel.

NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions.

(If this is causing false-positive reports from vulnerability scanners, please suggest an edit to the report.)

The additional affected modules and versions are: github.com/zitadel/zitadel before v2.50.0.

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

0.0004 Low

EPSS

Percentile

9.0%

Related for OSV:GO-2024-2788