Zitadel · Zitadel · CVE-2024-29892
**Name of the Vulnerable Software and Affected Versions**
ZITADEL versions prior to 2.42.17
ZITADEL versions 2.42.17 through 2.48.3
**Description**
ZITADEL renders its login UI with Go templates, and under certain circumstances this allowed actions to set reserved claims. For example, an action could set the claim `urn:zitadel:iam:user:resourceowner:name`. A protection has been introduced that prevents actions from changing any claim whose name starts with `urn:zitadel:iam`.
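The guard described above, as an added illustration that is not ZITADEL's own code: action-supplied claims are merged into the token claims only if they fall outside the reserved `urn:zitadel:iam` namespace, and rejected keys are returned so they can be logged. Representing an action's output as a plain map, and the sample claim values, are assumptions made for this example.

```go
package main

import (
	"fmt"
	"sort"
	"strings"
)

// reservedClaimPrefix marks the namespace that only ZITADEL itself may populate.
const reservedClaimPrefix = "urn:zitadel:iam"

// isReservedClaim reports whether an action-supplied claim key targets the
// reserved namespace. The match is an exact, case-sensitive prefix check.
func isReservedClaim(key string) bool {
	return strings.HasPrefix(key, reservedClaimPrefix)
}

// mergeActionClaims copies the token claims, then adds the claims an action
// tried to set, skipping any reserved key. It returns the merged claims and
// the rejected keys (sorted) so the caller can audit-log the attempt.
func mergeActionClaims(token, action map[string]any) (map[string]any, []string) {
	merged := make(map[string]any, len(token)+len(action))
	for k, v := range token {
		merged[k] = v
	}
	var rejected []string
	for k, v := range action {
		if isReservedClaim(k) {
			rejected = append(rejected, k)
			continue
		}
		merged[k] = v
	}
	sort.Strings(rejected)
	return merged, rejected
}

func main() {
	// Constructed sample: claims ZITADEL derived for the token itself.
	token := map[string]any{
		"sub":                                     "123456789012345678",
		"urn:zitadel:iam:user:resourceowner:name": "Acme Org",
	}
	// Constructed sample: what a misbehaving action tried to set.
	fromAction := map[string]any{
		"department":                              "finance",
		"urn:zitadel:iam:user:resourceowner:name": "Other Org",
	}
	merged, rejected := mergeActionClaims(token, fromAction)
	fmt.Println("rejected:", rejected)
	fmt.Println("resourceowner:", merged["urn:zitadel:iam:user:resourceowner:name"])
}
```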
**Recommendations**
For versions prior to 2.42.17, update to version 2.42.17 or later.
For versions 2.42.17 through 2.43.10, update to version 2.43.11 or later.
For versions 2.43.11 through 2.44.6, update to version 2.44.7 or later.
For versions 2.44.7 through 2.45.4, update to version 2.45.5 or later.
For versions 2.45.5 through 2.46.4, update to version 2.46.5 or later.
For versions 2.46.5 through 2.47.7, update to version 2.47.8 or later.
For versions 2.47.8 through 2.48.2, update to version 2.48.3 or later.