
zitadel — Vulnerabilities & Security Advisories (47)

All 47 CVE vulnerabilities found in zitadel, with AI-generated Chinese analysis, references, and POCs.

Vendor: zitadel

| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2024-47000 | Service Users Deactivation not Working in Zitadel | CWE-269 | 8.1 | High | 2024-09-19 |
| CVE-2024-47060 | Unauthorized Access After Organization or Project Deactivation in Zitadel | CWE-200 | 4.3 | Medium | 2024-09-19 |
| CVE-2024-41953 | Zitadel improperly sanitizes HTML in emails and Console UI | CWE-79 | 4.3 | Medium | 2024-07-31 |
| CVE-2024-41952 | Zitadel has an "Ignoring unknown usernames" vulnerability | CWE-203 | 5.3 | Medium | 2024-07-31 |
| CVE-2024-39683 | ZITADEL Vulnerable to Session Information Leakage | CWE-200 | 5.7 | Medium | 2024-07-03 |
| CVE-2024-32967 | Zitadel exposes internal database user name and host information | CWE-200 | 5.3 | Medium | 2024-05-01 |
| CVE-2024-32868 | ZITADEL's Improper Lockout Mechanism Leads to MFA Bypass | CWE-307 | 6.5 | Medium | 2024-04-25 |
| CVE-2024-29892 | ZITADEL's actions can overload reserved claims | CWE-863 | 6.1 | Medium | 2024-03-27 |
| CVE-2024-29891 | ZITADEL Improper Content-Type Validation Leads to Account Takeover via Stored XSS + CSP Bypass | CWE-434 | 8.7 | High | 2024-03-27 |
| CVE-2024-28855 | ZITADEL vulnerable to improper HTML sanitization | CWE-20 | 8.1 | High | 2024-03-18 |
| CVE-2024-28197 | Account Takeover via Session Fixation in Zitadel [Bypassing MFA] | CWE-269 | 7.5 | High | 2024-03-11 |
| CVE-2023-49097 | ZITADEL vulnerable account takeover via malicious host header injection | CWE-640 | 8.1 | High | 2023-11-30 |
| CVE-2023-47111 | ZITADEL race condition in lockout policy execution | CWE-362 | 7.3 | High | 2023-11-08 |
| CVE-2023-46238 | XSS with User Avatar image in ZITADEL | CWE-79 | 8.7 | High | 2023-10-26 |
| CVE-2023-44399 | ZITADEL's password reset does not respect the "Ignoring unknown usernames" setting | CWE-640 | 5.3 | Medium | 2023-10-10 |
| CVE-2023-22492 | RefreshToken invalidation vulnerability | CWE-613 | 5.9 | Medium | 2023-01-11 |
| CVE-2022-36051 | Broken Authorization in ZITADEL Actions | CWE-436 | 8.7 | High | 2022-08-31 |