Lucene search

GitHub_MCVE-2024-32967

HistoryMay 01, 2024 - 7:15 a.m.

CVE-2024-32967

2024-05-0107:15:40

CWE-200

GitHub_M

web.nvd.nist.gov

zitadel

identity management

database

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

AI Score

6.3

Confidence

Low

EPSS

Percentile

13.0%

JSON

Zitadel is an open source identity management system. In case ZITADEL could not connect to the database, connection information including db name, username and db host name could be returned to the user. This has been addressed in all supported release branches in a point release. There is no workaround since a patch is already available. Users are advised to upgrade.

Affected configurations

Vulners

Vulnrichment

Node

zitadelzitadelRange<2.45.7

zitadelzitadelRange2.46.0–2.46.7

zitadelzitadelRange2.47.0–2.47.10

zitadelzitadelRange2.48.0–2.48.5

zitadelzitadelRange2.49.0–2.49.5

zitadelzitadelRange2.50.0–2.50.3

VendorProductVersionCPE
zitadelzitadel*cpe:2.3:a:zitadel:zitadel:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
zitadel	zitadel	*	cpe:2.3:a:zitadel:zitadel::::::::

CNA Affected

[
  {
    "vendor": "zitadel",
    "product": "zitadel",
    "versions": [
      {
        "version": "< 2.45.7",
        "status": "affected"
      },
      {
        "version": ">= 2.46.0,< 2.46.7",
        "status": "affected"
      },
      {
        "version": ">= 2.47.0, < 2.47.10",
        "status": "affected"
      },
      {
        "version": ">= 2.48.0, < 2.48.5",
        "status": "affected"
      },
      {
        "version": ">= 2.49.0, < 2.49.5",
        "status": "affected"
      },
      {
        "version": ">= 2.50.0, < 2.50.3",
        "status": "affected"
      }
    ]
  }
]

References

github.com/zitadel/zitadel/commit/b918603b576d156a08b90917c14c2d019c82ffc6

github.com/zitadel/zitadel/releases/tag/v2.45.7

github.com/zitadel/zitadel/releases/tag/v2.46.7

github.com/zitadel/zitadel/releases/tag/v2.47.10

github.com/zitadel/zitadel/releases/tag/v2.48.5

github.com/zitadel/zitadel/releases/tag/v2.49.5

github.com/zitadel/zitadel/releases/tag/v2.50.3

github.com/zitadel/zitadel/security/advisories/GHSA-q5qj-x2h5-3945

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

AI Score

6.3

Confidence

Low

EPSS

Percentile

13.0%

JSON

Related for CVE-2024-32967