Lucene search
K

4 matches found

Veracode
Veracode
added 2025/05/13 8:54 a.m.9 views

Session Hijacking

github.com/zitadel/zitadel is vulnerable to Session Hijacking. The vulnerability is due to insufficient validation of reused IdP intents via repeated IdP intent exploitation, allowing attackers with access to the application's URI to retrieve authentication tokens and impersonate users...

8CVSS6.9AI score0.00404EPSS
Exploits0References9Affected Software1
RedhatCVE
RedhatCVE
added 2025/05/08 6:19 p.m.13 views

CVE-2025-46815

The identity infrastructure software ZITADEL offers developers the ability to manage user sessions using the Session API. This API enables the use of IdPs for authentication, known as idp intents. Following a successful idp intent, the client receives an id and token on a predefined URI. These id...

8CVSS7.3AI score0.00404EPSS
Exploits0References1
CVE
CVE
added 2025/05/06 5:13 p.m.86 views

CVE-2025-46815

ZITADEL Session API vulnerability (CVE-2025-46815) allows token/id reuse from idp intents prior to versions 3.0.0, 2.71.9, and 2.70.10. An attacker with URI access could obtain the id and token and authenticate on behalf of the user. MFA prevents full authentication, but this exposes a partial au...

8CVSS7.9AI score0.00404EPSS
Exploits0References5Affected Software1
Snyk
Snyk
added 2025/05/06 4:51 p.m.1 views

Insufficient Session Expiration

Overview Affected versions of this package are vulnerable to Insufficient Session Expiration through the Session API. An attacker can authenticate on behalf of the user by repeatedly using idp intents to retrieve the id and token from the application's URI. Remediation Upgrade...

8CVSS9.3AI score0.00404EPSS
Exploits0References2
Rows per page
Query Builder