2 matches found
GO-2025-4124 ZITADEL is vulnerable to Account Takeover with deactivated Instance IdP in github.com/zitadel/zitadel
ZITADEL is vulnerable to Account Takeover with deactivated Instance IdP in github.com/zitadel/zitadel. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports from...
ZITADEL is vulnerable to Account Takeover with deactivated Instance IdP
Summary A vulnerability in ZITADEL's federation process allowed auto-linking users from external identity providers to existing users in ZITADEL even if the corresponding IdP was not active or if the organization did not allow federated authentication. Impact This vulnerability stems from the...