2 matches found
CVE-2024-46999
Zitadel is an open source identity management platform. ZITADEL's user grants deactivation mechanism did not work correctly. Deactivated user grants were still provided in token, which could lead to unauthorized access to applications and resources. Additionally, the management and auth API alway...
CVE-2024-46999
CVE-2024-46999 : Zitadel’s user grants deactivation did not work, allowing deactivated grants to remain in tokens and potentially grant access to apps/resources. The issue affected multiple older releases; management/auth API could return an active state or lack state information. Affected versio...