Количество 2
Количество 2
CVE-2025-67717
ZITADEL is an open-source identity infrastructure tool. Versions 2.44.0 through 3.4.4 and 4.0.0-rc.1 through 4.7.1 disclose the total number of instance users to authenticated users, regardless of their specific permissions. While this does not leak individual user data or PII, disclosing the total user count via the totalResult field constitutes an information disclosure vulnerability that may be sensitive in certain contexts. This issue is fixed in versions 3.4.5 and 4.7.2.
GHSA-f4cf-9rvr-2rcx
Zitadel Discloses the Total Number of Instance Users
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2025-67717 ZITADEL is an open-source identity infrastructure tool. Versions 2.44.0 through 3.4.4 and 4.0.0-rc.1 through 4.7.1 disclose the total number of instance users to authenticated users, regardless of their specific permissions. While this does not leak individual user data or PII, disclosing the total user count via the totalResult field constitutes an information disclosure vulnerability that may be sensitive in certain contexts. This issue is fixed in versions 3.4.5 and 4.7.2. | CVSS3: 4.3 | 0% Низкий | 2 месяца назад |
| GHSA-f4cf-9rvr-2rcx Zitadel Discloses the Total Number of Instance Users | CVSS3: 4.3 | 0% Низкий | 2 месяца назад |
Уязвимостей на страницу