2 matches found
CVE-2022-36051
ZITADEL’s CVE-2022-36051 refers to a Broken Authorization in Actions, where users with role ORG_OWNER could create Javascript Code invoked during login to grant authorizations for projects owned by other organizations within the same instance. The issue stems from a missing authorization check in...
CVE-2022-36051 Broken Authorization in ZITADEL Actions
ZITADEL combines the ease of Auth0 and the versatility of Keycloak.Actions, introduced in ZITADEL 1.42.0 on the API and 1.56.0 for Console, is a feature, where users with role.ORGOWNER are able to create Javascript Code, which is invoked by the system at certain points during the login. Actions,...