Lucene search
+L

4 matches found

RedhatCVE
RedhatCVE
added 2025/02/05 1:6 a.m.10 views

CVE-2024-28197

Zitadel is an open source identity management system. Zitadel uses a cookie to identify the user agent browser and its user sessions. Although the cookie was handled according to best practices, it was accessible on subdomains of the ZITADEL instance. An attacker could take advantage of this and...

7.5CVSS6.1AI score0.00335EPSS
Exploits0References1
NVD
NVD
added 2024/03/11 8:15 p.m.39 views

CVE-2024-28197

Zitadel is an open source identity management system. Zitadel uses a cookie to identify the user agent browser and its user sessions. Although the cookie was handled according to best practices, it was accessible on subdomains of the ZITADEL instance. An attacker could take advantage of this and...

7.5CVSS7.4AI score0.00335EPSS
Exploits0References1
CVE
CVE
added 2024/03/11 7:48 p.m.79 views

CVE-2024-28197

ZITADel vulnerability CVE-2024-28197 affects Zitadel, an open-source identity management system. The issue stems from a session cookie used to identify the user agent and sessions that was accessible on subdomains of a Zitadel instance. Exploitation requires the victim to log in via a malicious l...

7.5CVSS7.4AI score0.00335EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2024/03/11 7:48 p.m.8 views

CVE-2024-28197 Account Takeover via Session Fixation in Zitadel [Bypassing MFA]

Zitadel is an open source identity management system. Zitadel uses a cookie to identify the user agent browser and its user sessions. Although the cookie was handled according to best practices, it was accessible on subdomains of the ZITADEL instance. An attacker could take advantage of this and...

7.5CVSS7.2AI score0.00335EPSS
Exploits0References3
Rows per page
Query Builder