9 matches found
CVE-2024-46999
Zitadel is an open source identity management platform. ZITADEL's user grants deactivation mechanism did not work correctly. Deactivated user grants were still provided in token, which could lead to unauthorized access to applications and resources. Additionally, the management and auth API alway...
Unauthorized Access
github.com/zitadel/zitadel is vulnerable to Unauthorized Access. The vulnerability is due to the failure of the system to properly invalidate deactivated user grants in the tokens, allowing users to retain access to applications and resources despite their deactivated status...
CVE-2024-46999 User Grant Deactivation not Working in Zitadel
Zitadel is an open source identity management platform. ZITADEL's user grants deactivation mechanism did not work correctly. Deactivated user grants were still provided in token, which could lead to unauthorized access to applications and resources. Additionally, the management and auth API alway...
CVE-2024-46999
CVE-2024-46999: Zitadel’s user grants deactivation did not work, allowing deactivated grants to remain in tokens and potentially grant access to apps/resources. The issue affected multiple older releases; management/auth API could return an active state or lack state information. Affected versio...
CVE-2024-46999 User Grant Deactivation not Working in Zitadel
Zitadel is an open source identity management platform. ZITADEL's user grants deactivation mechanism did not work correctly. Deactivated user grants were still provided in token, which could lead to unauthorized access to applications and resources. Additionally, the management and auth API alway...
ZITADEL's User Grant Deactivation not Working
Impact: ZITADEL's user grants deactivation mechanism did not work correctly. Deactivated user grants were still provided in token, which could lead to unauthorized access to applications and resources. Additionally, the management and auth API always returned the state as active or did not provide...
GHSA-2W5J-QFVW-2HF5 ZITADEL's User Grant Deactivation not Working
Impact: ZITADEL's user grants deactivation mechanism did not work correctly. Deactivated user grants were still provided in token, which could lead to unauthorized access to applications and resources. Additionally, the management and auth API always returned the state as active or did not provide...
CVE-2023-4047
A bug in popup notifications delay calculation could have made it possible for an attacker to trick a user into granting permissions. This vulnerability affects Firefox 116, Firefox ESR 102.14, and Firefox ESR 115.1...
CVE-2022-36051 Broken Authorization in ZITADEL Actions
ZITADEL combines the ease of Auth0 and the versatility of Keycloak. Actions, introduced in ZITADEL 1.42.0 on the API and 1.56.0 for Console, is a feature where users with role.ORGOWNER are able to create JavaScript code, which is invoked by the system at certain points during the login. Actions,...