PT-2024-25014 · Zitadel · Zitadel
Stiwari99 · Published 2024-05-01 · Updated 2025-01-08
CVE-2024-32967
CVSS v4.0: 6.9 (Medium)
| Vector | AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N |
Name of the Vulnerable Software and Affected Versions
Zitadel versions prior to 2.45.7
Zitadel versions 2.46.x prior to 2.46.7
Zitadel versions 2.47.x prior to 2.47.10
Zitadel versions 2.48.x prior to 2.48.5
Zitadel versions 2.49.x prior to 2.49.5
Zitadel versions 2.50.x prior to 2.50.3
Description
Zitadel is an open source identity management system. When Zitadel could not connect to its database, the resulting error could be returned to the user with the connection details embedded in it, including the database name, the database username and the database host name.
Recommendations
For Zitadel versions prior to 2.45.7, upgrade to version 2.45.7 or later.
For Zitadel versions 2.46.x prior to 2.46.7, upgrade to version 2.46.7 or later.
For Zitadel versions 2.47.x prior to 2.47.10, upgrade to version 2.47.10 or later.
For Zitadel versions 2.48.x prior to 2.48.5, upgrade to version 2.48.5 or later.
For Zitadel versions 2.49.x prior to 2.49.5, upgrade to version 2.49.5 or later.
For Zitadel versions 2.50.x prior to 2.50.3, upgrade to version 2.50.3 or later.
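The failure mode in the description above, an error that carries database connection parameters being handed straight back to the client, shown beside the hardened pattern of logging the detail server-side under an opaque reference ID and returning only a generic message. This is an added Go example, not Zitadel's own code: the type and function names, the log format, the reference ID and all connection values are constructed assumptions for illustration.

```go
package main

import (
	"errors"
	"fmt"
	"log"
	"strings"
)

// ConnInfo is a constructed stand-in for a database connection config
// (assumption: illustrative field names, not Zitadel's own types).
type ConnInfo struct {
	Host     string
	Database string
	User     string
}

// ErrConnect is a constructed sentinel standing in for "database unreachable".
var ErrConnect = errors.New("connection refused")

// LeakyConnectError mirrors the flaw class in the advisory: the wrapped
// error text embeds host, database and user name, so if it is written
// into the HTTP response the client learns all three.
func LeakyConnectError(c ConnInfo, cause error) error {
	return fmt.Errorf("unable to connect to database %s on host %s as user %s: %w",
		c.Database, c.Host, c.User, cause)
}

// UserFacingError is what a client should see: a generic message plus an
// opaque reference ID that operators can correlate with the server log.
type UserFacingError struct {
	RefID   string
	Message string
}

func (e *UserFacingError) Error() string {
	return fmt.Sprintf("%s (ref %s)", e.Message, e.RefID)
}

// SafeConnectError keeps the sensitive details in the operator log only
// (keyed by refID) and returns an error that never embeds connection
// parameters. logf is injected so the caller decides where details go.
func SafeConnectError(c ConnInfo, cause error, refID string, logf func(string, ...any)) error {
	logf("ref=%s db connect failed host=%s db=%s user=%s err=%v",
		refID, c.Host, c.Database, c.User, cause)
	return &UserFacingError{RefID: refID, Message: "service temporarily unavailable"}
}

// Leaks reports whether an error message exposes any of the connection
// details; useful as a unit-test guard on every client-facing error path.
func Leaks(msg string, c ConnInfo) bool {
	for _, s := range []string{c.Host, c.Database, c.User} {
		if s != "" && strings.Contains(msg, s) {
			return true
		}
	}
	return false
}

func main() {
	// Constructed sample values; not from any real deployment.
	c := ConnInfo{Host: "db.internal.example", Database: "appdb", User: "app_user"}
	leaky := LeakyConnectError(c, ErrConnect)
	safe := SafeConnectError(c, ErrConnect, "a1b2c3", log.Printf)
	fmt.Println("leaky message exposes connection details:", Leaks(leaky.Error(), c))
	fmt.Println("safe message exposes connection details: ", Leaks(safe.Error(), c))
}
```

The `Leaks` check is the part worth keeping around after the fix: run it in tests over every error string a handler can return so that a future refactor cannot quietly reintroduce the connection string into a response body.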
Information Disclosure
Affected Products
Zitadel