CVSS3
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: LOW
Integrity Impact: NONE
Availability Impact: NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
AI Score
Confidence: Low
ZITADEL “ignoring unknown usernames” vulnerability in github.com/zitadel/zitadel.
NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions.
(If this is causing false-positive reports from vulnerability scanners, please suggest an edit to the report.)
The additional affected modules and versions are: github.com/zitadel/zitadel from v2.53.0 before v2.53.9, from v2.54.0 before v2.54.8, from v2.55.0 before v2.55.5, from v2.56.0 before v2.56.2, from v2.57.0 before v2.57.1, from v2.58.0 before v2.58.1.
github.com/zitadel/zitadel/commit/0ab0c645ef914298c343fa39cccb1290aba48bf6
github.com/zitadel/zitadel/commit/3c7d12834e32426416235b9e3374be0f4b9380b8
github.com/zitadel/zitadel/commit/5c2526c98aafd1ba206be2fa4291b1d24c384f6d
github.com/zitadel/zitadel/commit/8565d24fd8df5bd35294313cfbfcc2e15aea20e9
github.com/zitadel/zitadel/commit/b0e71a81ef39667ce2a149ce037c1ca0edbe059d
github.com/zitadel/zitadel/commit/fc1d415b8db5b8d481bb65206ce3fc944c0eecea
github.com/zitadel/zitadel/releases/tag/v2.53.9
github.com/zitadel/zitadel/releases/tag/v2.54.8
github.com/zitadel/zitadel/releases/tag/v2.55.5
github.com/zitadel/zitadel/releases/tag/v2.56.2
github.com/zitadel/zitadel/releases/tag/v2.57.1
github.com/zitadel/zitadel/releases/tag/v2.58.1
github.com/zitadel/zitadel/security/advisories/GHSA-567v-6hmg-6qg7
nvd.nist.gov/vuln/detail/CVE-2024-41952