Lucene search
K

6 matches found

OSV
OSV
added 2024/06/05 3:10 p.m.37 views

GO-2024-2664 ZITADEL's actions can overload reserved claims in github.com/zitadel/zitadel

ZITADEL's actions can overload reserved claims in github.com/zitadel/zitadel. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports from vulnerability scanners, please...

6.1CVSS5.5AI score0.00767EPSS
Exploits0References9
Github Security Blog
Github Security Blog
added 2024/03/28 5:7 p.m.41 views

ZITADEL's actions can overload reserved claims

Impact Under certain circumstances an action could set reserved claims managed by ZITADEL. For example it would be possible to set the claim urn:zitadel:iam:user:resourceowner:name json "urn:zitadel:iam:user:resourceowner:name": "ACME" if it was not set by ZITADEL itself. To compensate for this w...

6.1CVSS6.7AI score0.00767EPSS
Exploits0References10Affected Software1
OSV
OSV
added 2024/03/28 5:7 p.m.20 views

GHSA-GP8G-F42F-95Q2 ZITADEL's actions can overload reserved claims

Impact Under certain circumstances an action could set reserved claims managed by ZITADEL. For example it would be possible to set the claim urn:zitadel:iam:user:resourceowner:name json "urn:zitadel:iam:user:resourceowner:name": "ACME" if it was not set by ZITADEL itself. To compensate for this w...

8.3CVSS5.5AI score0.00767EPSS
Exploits0References10
NVD
NVD
added 2024/03/27 8:15 p.m.25 views

CVE-2024-29892

ZITADEL, open source authentication management software, uses Go templates to render the login UI. Under certain circumstances an action could set reserved claims managed by ZITADEL. For example it would be possible to set the claim urn:zitadel:iam:user:resourceowner:name. To compensate for this ...

6.1CVSS6.2AI score0.00767EPSS
Exploits0References8
Vulnrichment
Vulnrichment
added 2024/03/27 7:59 p.m.17 views

CVE-2024-29892 ZITADEL's actions can overload reserved claims

ZITADEL, open source authentication management software, uses Go templates to render the login UI. Under certain circumstances an action could set reserved claims managed by ZITADEL. For example it would be possible to set the claim urn:zitadel:iam:user:resourceowner:name. To compensate for this ...

6.1CVSS6.7AI score0.00767EPSS
Exploits0References8
Cvelist
Cvelist
added 2024/03/27 7:59 p.m.28 views

CVE-2024-29892 ZITADEL's actions can overload reserved claims

ZITADEL, open source authentication management software, uses Go templates to render the login UI. Under certain circumstances an action could set reserved claims managed by ZITADEL. For example it would be possible to set the claim urn:zitadel:iam:user:resourceowner:name. To compensate for this ...

6.1CVSS6.3AI score0.00767EPSS
Exploits0References8
Rows per page
Query Builder