Description
ZITADEL is an open-source identity infrastructure tool. ZITADEL provides users the ability to list all user sessions of the current user agent (browser). Starting in version 2.53.0 and prior to versions 2.53.8, 2.54.5, and 2.55.1, due to a missing check, user sessions without that information (e.g. when created through the session service) were incorrectly listed, potentially exposing other users' sessions. Versions 2.55.1, 2.54.5, and 2.53.8 contain a fix for the issue. There is no workaround since a patch is already available.
References
- Permissions Required, URL Repurposed
- Patch
- Patch
- Patch
- Issue Tracking, Release Notes
- Issue Tracking
- Release Notes
- Release Notes
- Release Notes
- Vendor Advisory
Vulnerable configurations
Configuration 1
Version from 2.53.0 (inclusive) to 2.53.8 (exclusive)
Version from 2.54.0 (inclusive) to 2.54.5 (exclusive)
One of
cpe:2.3:a:zitadel:zitadel:*:*:*:*:*:*:*:*
cpe:2.3:a:zitadel:zitadel:*:*:*:*:*:*:*:*
cpe:2.3:a:zitadel:zitadel:2.55.0:-:*:*:*:*:*:*
cpe:2.3:a:zitadel:zitadel:2.55.0:rc1:*:*:*:*:*:*
EPSS: 0.00608 (percentile: 69%), Low
CVSS3: 5.7 Medium
CVSS3: 6.5 Medium
Weaknesses
CWE-200
NVD-CWE-noinfo
Related vulnerabilities
CVSS3: 5.7
github
more than 1 year ago
ZITADEL Vulnerable to Session Information Leakage