3 matches found
CVE-2024-39683 ZITADEL Vulnerable to Session Information Leakage
ZITADEL is an open-source identity infrastructure tool. ZITADEL provides users the ability to list all user sessions of the current user agent browser. Starting in version 2.53.0 and prior to versions 2.53.8, 2.54.5, and 2.55.1, due to a missing check, user sessions without that information e.g...
CVE-2024-39683 ZITADEL Vulnerable to Session Information Leakage
ZITADEL is an open-source identity infrastructure tool. ZITADEL provides users the ability to list all user sessions of the current user agent browser. Starting in version 2.53.0 and prior to versions 2.53.8, 2.54.5, and 2.55.1, due to a missing check, user sessions without that information e.g...
CVE-2024-39683
CVE-2024-39683 affects ZITADEL open-source identity infrastructure. A missing check allowed listing of user sessions across different users in the browser context, exposing potentially other users’ sessions. The issue occurs in versions starting from 2.53.0 and remains present in prior to fixed v...