Description
ZITADEL, open source authentication management software, uses Go templates to render the login UI. Under certain circumstances an action could set reserved claims managed by ZITADEL. For example, it was possible to set the claim `urn:zitadel:iam:user:resourceowner:name`. To compensate for this we introduced a protection that prevents actions from changing claims that start with `urn:zitadel:iam`. This vulnerability is fixed in 2.48.3, 2.47.8, 2.46.5, 2.45.5, 2.44.7, 2.43.11, and 2.42.17.
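The protection the advisory describes, written here in Go as an added illustration (not ZITADEL's own code): the unguarded merge lets an action overwrite a reserved claim, while the guarded merge refuses any key under the `urn:zitadel:iam` prefix. Function names and the sample claim maps are constructed for this example.

```go
package main

import (
	"fmt"
	"sort"
	"strings"
)

// reservedClaimPrefix: claims under this namespace are managed by ZITADEL itself
// (the advisory names urn:zitadel:iam:user:resourceowner:name as one example).
const reservedClaimPrefix = "urn:zitadel:iam"
// mergeClaimsUnguarded models the pre-fix behaviour: action-set claims overwrite anything.
func mergeClaimsUnguarded(token, fromAction map[string]any) map[string]any {
	out := make(map[string]any, len(token)+len(fromAction))
	for k, v := range token {
		out[k] = v
	}
	for k, v := range fromAction {
		out[k] = v // a reserved claim set by the action replaces ZITADEL's own value
	}
	return out
}

// mergeClaimsGuarded models the fix: action-set claims under the reserved prefix are
// dropped and reported, so the token keeps the value ZITADEL computed.
func mergeClaimsGuarded(token, fromAction map[string]any) (map[string]any, []string) {
	out := make(map[string]any, len(token)+len(fromAction))
	for k, v := range token {
		out[k] = v
	}
	var rejected []string
	for k, v := range fromAction {
		if strings.HasPrefix(k, reservedClaimPrefix) {
			rejected = append(rejected, k)
			continue
		}
		out[k] = v
	}
	sort.Strings(rejected) // stable order for audit logging
	return out, rejected
}
func main() {
	// Constructed sample input: the token as ZITADEL built it, and what an action tries to set.
	token := map[string]any{"sub": "123", "urn:zitadel:iam:user:resourceowner:name": "acme"}
	fromAction := map[string]any{"urn:zitadel:iam:user:resourceowner:name": "other-org", "department": "finance"}
	fmt.Println("unguarded:", mergeClaimsUnguarded(token, fromAction))
	guarded, rejected := mergeClaimsGuarded(token, fromAction)
	fmt.Println("guarded:", guarded, "rejected:", rejected)
}
```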
Remediation
No vendor fix or workaround currently provided.
Tracking
Advisories
| Source | ID | Title |
|---|---|---|
| EUVD | EUVD-2024-0928 | ZITADEL, open source authentication management software, uses Go templates to render the login UI. Under certain circumstances an action could set reserved claims managed by ZITADEL. For example it would be possible to set the claim `urn:zitadel:iam:user:resourceowner:name`. To compensate for this we introduced a protection that does prevent actions from changing claims that start with `urn:zitadel:iam`. This vulnerability is fixed in 2.48.3, 2.47.8, 2.46.5, 2.45.5, 2.44.7, 2.43.11, and 2.42.17. |
| Github GHSA | GHSA-gp8g-f42f-95q2 | ZITADEL's actions can overload reserved claims |
References
History
Wed, 08 Jan 2025 18:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared | Zitadel, Zitadel zitadel | |
| CPEs | `cpe:2.3:a:zitadel:zitadel:*:*:*:*:*:*:*:*` | |
| Vendors & Products | Zitadel, Zitadel zitadel | |
Status: PUBLISHED
Assigner: GitHub_M
Published:
Updated: 2024-08-13T14:07:12.217Z
Reserved: 2024-03-21T15:12:08.998Z
Link: CVE-2024-29892
Updated: 2024-08-02T01:17:58.115Z
Status : Analyzed
Published: 2024-03-27T20:15:08.303
Modified: 2025-01-08T18:20:34.003
Link: CVE-2024-29892
OpenCVE Enrichment
No data.