Zitadel · Zitadel · CVE-2024-39683
**Name of the Vulnerable Software and Affected Versions**
ZITADEL versions 2.0.0 through 2.53.7
ZITADEL versions 2.54.0 through 2.54.4
ZITADEL version 2.55.0
**Description**
ZITADEL is an open-source identity infrastructure tool. It lets a user list all of their sessions that belong to the current user agent. Due to a missing check, sessions that carried no user-agent information were listed as well, potentially exposing other users' sessions to the caller. The issue affects the API and the Console UI, but not the Login UI. A session exposed this way cannot be taken over.
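The fault class the advisory describes, as an added example that is not ZITADEL's code: a session-listing filter that treats "no user agent recorded" as a match. The `Session` type, the `SampleSessions` data and the permissive-default model of the missing check are assumptions made for this illustration; the advisory only states that sessions without user-agent information were listed, not how the check was missing.

```go
package main

import "fmt"

// Session is a constructed, simplified record for this example; it is not
// ZITADEL's session model.
type Session struct {
	ID          string
	UserID      string
	UserAgentID string // "" when the session recorded no user-agent information
}

// matchesUserAgentVulnerable models the missing check as an assumed
// permissive default: a session that recorded no user agent is never
// compared against the caller's agent and passes the filter, so it is
// listed to whoever asks, regardless of which user owns it.
func matchesUserAgentVulnerable(s Session, currentAgentID string) bool {
	if s.UserAgentID == "" {
		return true // missing check: "unknown agent" is treated as "this agent"
	}
	return s.UserAgentID == currentAgentID
}

// matchesUserAgentFixed fails closed: only a recorded, non-empty agent ID
// equal to the caller's agent ID matches, so sessions without that
// information are never listed, and a caller with no agent ID sees nothing.
func matchesUserAgentFixed(s Session, currentAgentID string) bool {
	return currentAgentID != "" && s.UserAgentID == currentAgentID
}

// ListSessionsForAgent returns the IDs of the sessions that the given
// predicate admits for the caller's user agent.
func ListSessionsForAgent(all []Session, currentAgentID string, match func(Session, string) bool) []string {
	var ids []string
	for _, s := range all {
		if match(s, currentAgentID) {
			ids = append(ids, s.ID)
		}
	}
	return ids
}

// SampleSessions is constructed input: three different users, one of whom
// (carol) has a session with no user-agent information.
var SampleSessions = []Session{
	{ID: "s-alice", UserID: "alice", UserAgentID: "ua-1"},
	{ID: "s-bob", UserID: "bob", UserAgentID: "ua-2"},
	{ID: "s-carol", UserID: "carol", UserAgentID: ""},
}

// VulnerableListing lists SampleSessions for an agent with the missing check.
func VulnerableListing(currentAgentID string) []string {
	return ListSessionsForAgent(SampleSessions, currentAgentID, matchesUserAgentVulnerable)
}

// FixedListing lists SampleSessions for an agent with the check in place.
func FixedListing(currentAgentID string) []string {
	return ListSessionsForAgent(SampleSessions, currentAgentID, matchesUserAgentFixed)
}

func main() {
	// alice, on agent ua-1, also sees carol's agent-less session in the
	// vulnerable listing, but only her own session in the fixed one.
	fmt.Println("vulnerable, agent ua-1:", VulnerableListing("ua-1"))
	fmt.Println("fixed, agent ua-1:     ", FixedListing("ua-1"))
	fmt.Println("vulnerable, no agent:  ", VulnerableListing(""))
	fmt.Println("fixed, no agent:       ", FixedListing(""))
}
```

The point of the fixed predicate is that an absent value must never satisfy an ownership filter: the comparison has to require a known, non-empty identifier on both sides rather than skip the comparison when one side is missing.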
**Recommendations**
For ZITADEL versions 2.0.0 through 2.53.7, upgrade to version 2.53.8 or later.
For ZITADEL versions 2.54.0 through 2.54.4, upgrade to version 2.54.5 or later.
For ZITADEL version 2.55.0, upgrade to version 2.55.1 or later.
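A check that turns the three affected ranges above into a yes/no answer for a deployed version string, as an added example (not a ZITADEL tool). It compares plain MAJOR.MINOR.PATCH versions against the ranges from this advisory; pre-release suffixes such as "-rc.1" are rejected rather than guessed at, which is an assumption of this example.

```go
package main

import (
	"fmt"
	"strconv"
	"strings"
)

// version is a MAJOR.MINOR.PATCH triple.
type version [3]int

func (v version) String() string { return fmt.Sprintf("%d.%d.%d", v[0], v[1], v[2]) }

// parseVersion accepts "2.53.7" or "v2.53.7"; anything else is an error.
func parseVersion(s string) (version, error) {
	var out version
	parts := strings.Split(strings.TrimPrefix(s, "v"), ".")
	if len(parts) != 3 {
		return out, fmt.Errorf("not a MAJOR.MINOR.PATCH version: %q", s)
	}
	for i, p := range parts {
		n, err := strconv.Atoi(p)
		if err != nil || n < 0 {
			return out, fmt.Errorf("bad component %q in %q", p, s)
		}
		out[i] = n
	}
	return out, nil
}

// compare returns -1, 0 or 1 as a is below, equal to or above b.
func compare(a, b version) int {
	for i := range a {
		switch {
		case a[i] < b[i]:
			return -1
		case a[i] > b[i]:
			return 1
		}
	}
	return 0
}

// affectedRanges are the inclusive ranges from this advisory, each with the
// first fixed release from the Recommendations section.
var affectedRanges = []struct{ lo, hi, fixed version }{
	{version{2, 0, 0}, version{2, 53, 7}, version{2, 53, 8}},
	{version{2, 54, 0}, version{2, 54, 4}, version{2, 54, 5}},
	{version{2, 55, 0}, version{2, 55, 0}, version{2, 55, 1}},
}

// IsAffected reports whether the given ZITADEL version falls in an affected
// range and, if so, the minimum version to upgrade to.
func IsAffected(s string) (affected bool, upgradeTo string, err error) {
	v, err := parseVersion(s)
	if err != nil {
		return false, "", err
	}
	for _, r := range affectedRanges {
		if compare(v, r.lo) >= 0 && compare(v, r.hi) <= 0 {
			return true, r.fixed.String(), nil
		}
	}
	return false, "", nil
}

func main() {
	for _, s := range []string{"2.53.7", "2.53.8", "v2.54.2", "2.55.0", "2.55.1", "2.53.7-rc.1"} {
		affected, fix, err := IsAffected(s)
		switch {
		case err != nil:
			fmt.Printf("%-12s cannot evaluate: %v\n", s, err)
		case affected:
			fmt.Printf("%-12s AFFECTED, upgrade to %s or later\n", s, fix)
		default:
			fmt.Printf("%-12s not affected\n", s)
		}
	}
}
```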