2 matches found
GHSA-J4G7-V4M4-77PX ZITADEL is vulnerable to Account Takeover with deactivated Instance IdP
Summary A vulnerability in ZITADEL's federation process allowed auto-linking users from external identity providers to existing users in ZITADEL even if the corresponding IdP was not active or if the organization did not allow federated authentication. Impact This vulnerability stems from the...
PYSEC-2021-131
Synapse is a Matrix reference homeserver written in python pypi package matrix-synapse. Matrix is an ecosystem for open federated Instant Messaging and VoIP. In Synapse before version 1.25.0, requests to user provided domains were not restricted to external IP addresses when calculating the key...