github.com/zitadel/zitadel is vulnerable to authorization bypass. A user with the ORG_OWNER role can create JavaScript code through user_grant.go that is invoked by the system at certain points during login, allowing an attacker to grant authorizations for projects that belong to other organisations inside the same instance.
docs.zitadel.com/docs/apis/actions
docs.zitadel.com/docs/guides/manage/customize/behavior
github.com/advisories/GHSA-c8fj-4pm8-mp2c
github.com/zitadel/zitadel/commit/4c26665b933dd763aa8c2779bce368708f7a7029
github.com/zitadel/zitadel/commit/960c6d59e683896cb3fbc13d28e668a290064a24
github.com/zitadel/zitadel/pull/4237
github.com/zitadel/zitadel/pull/4238
github.com/zitadel/zitadel/releases/tag/v1.87.1
github.com/zitadel/zitadel/releases/tag/v2.2.0
github.com/zitadel/zitadel/security/advisories/GHSA-c8fj-4pm8-mp2c
zitadel.com/blog/pentest-results-h1-2021