5 matches found
GO-2024-2968 ZITADEL Vulnerable to Session Information Leakage in github.com/zitadel/zitadel
ZITADEL Vulnerable to Session Information Leakage in github.com/zitadel/zitadel. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports from vulnerability scanners,...
GHSA-CVW9-C57H-3397 ZITADEL Vulnerable to Session Information Leakage
Impact ZITADEL provides users the ability to list all user sessions of the current user agent browser by API and in the Console UI. Due to a missing check, user sessions without that information e.g. when created though the session service were incorrectly listed exposing potentially other user's...
CVE-2024-39683 ZITADEL Vulnerable to Session Information Leakage
ZITADEL is an open-source identity infrastructure tool. ZITADEL provides users the ability to list all user sessions of the current user agent browser. Starting in version 2.53.0 and prior to versions 2.53.8, 2.54.5, and 2.55.1, due to a missing check, user sessions without that information e.g...
CVE-2024-39683
CVE-2024-39683 affects ZITADEL open-source identity infrastructure. A missing check allowed listing of user sessions across different users in the browser context, exposing potentially other users’ sessions. The issue occurs in versions starting from 2.53.0 and remains present in prior to fixed v...
CVE-2024-39683 ZITADEL Vulnerable to Session Information Leakage
ZITADEL is an open-source identity infrastructure tool. ZITADEL provides users the ability to list all user sessions of the current user agent browser. Starting in version 2.53.0 and prior to versions 2.53.8, 2.54.5, and 2.55.1, due to a missing check, user sessions without that information e.g...