Lucene search
+L

5 matches found

OSV
OSV
added 2024/07/09 7:34 p.m.40 views

GO-2024-2968 ZITADEL Vulnerable to Session Information Leakage in github.com/zitadel/zitadel

ZITADEL Vulnerable to Session Information Leakage in github.com/zitadel/zitadel. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports from vulnerability scanners,...

6.5CVSS5.8AI score0.00609EPSS
Exploits0References11
OSV
OSV
added 2024/07/05 8:3 p.m.26 views

GHSA-CVW9-C57H-3397 ZITADEL Vulnerable to Session Information Leakage

Impact ZITADEL provides users the ability to list all user sessions of the current user agent browser by API and in the Console UI. Due to a missing check, user sessions without that information e.g. when created though the session service were incorrectly listed exposing potentially other user's...

6.9CVSS5.9AI score0.00609EPSS
Exploits0References12
Vulnrichment
Vulnrichment
added 2024/07/03 7:20 p.m.21 views

CVE-2024-39683 ZITADEL Vulnerable to Session Information Leakage

ZITADEL is an open-source identity infrastructure tool. ZITADEL provides users the ability to list all user sessions of the current user agent browser. Starting in version 2.53.0 and prior to versions 2.53.8, 2.54.5, and 2.55.1, due to a missing check, user sessions without that information e.g...

5.7CVSS6.6AI score0.00609EPSS
Exploits0References10
CVE
CVE
added 2024/07/03 7:20 p.m.70 views

CVE-2024-39683

CVE-2024-39683 affects ZITADEL open-source identity infrastructure. A missing check allowed listing of user sessions across different users in the browser context, exposing potentially other users’ sessions. The issue occurs in versions starting from 2.53.0 and remains present in prior to fixed v...

6.5CVSS5.5AI score0.00609EPSS
Exploits0References10Affected Software1
Cvelist
Cvelist
added 2024/07/03 7:20 p.m.46 views

CVE-2024-39683 ZITADEL Vulnerable to Session Information Leakage

ZITADEL is an open-source identity infrastructure tool. ZITADEL provides users the ability to list all user sessions of the current user agent browser. Starting in version 2.53.0 and prior to versions 2.53.8, 2.54.5, and 2.55.1, due to a missing check, user sessions without that information e.g...

5.7CVSS0.00609EPSS
Exploits0References10
Rows per page
Query Builder