Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
NA

CVE-2024-29892

Published: 27/03/2024 Updated: 28/03/2024

Vulnerability Summary

ZITADEL, open source authentication management software, uses Go templates to render the login UI. Under certain circumstances an action could set reserved claims managed by ZITADEL. For example it would be possible to set the claim `urn:zitadel:iam:user:resourceowner:name`. To compensate for this we introduced a protection that does prevent actions from changing claims that start with `urn:zitadel:iam`. This vulnerability is fixed in 2.48.3, 2.47.8, 2.46.5, 2.45.5, 2.44.7, 2.43.11, and 2.42.17.

References

https://github.com/zitadel/zitadel/security/advisories/GHSA-gp8g-f42f-95q2https://github.com/zitadel/zitadel/releases/tag/v2.42.17https://github.com/zitadel/zitadel/releases/tag/v2.43.11https://github.com/zitadel/zitadel/releases/tag/v2.44.7https://github.com/zitadel/zitadel/releases/tag/v2.45.5https://github.com/zitadel/zitadel/releases/tag/v2.46.5https://github.com/zitadel/zitadel/releases/tag/v2.47.8https://github.com/zitadel/zitadel/releases/tag/v2.48.3https://nvd.nist.gov
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-4463CVE-2024-3400deserializationCVE-2024-21788CVE-2023-42433CVE-2024-21841CVE-2024-22095local file inclusionmemory leak
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook