Veracode Vulnerability DatabaseVERACODE:43796Information Disclosure
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
EPSS
Percentile
24.2%
github.com/zitadel/zitadel is vulnerable to Information Disclosure. This vulnerability allows an attacker to verify if an account exists in ZITADEL by using the password reset function, even if the Ignoring unknown usernames setting is enabled.
References
github.com/advisories/GHSA-v683-rcxx-vpff
github.com/zitadel/zitadel/commit/54676eda9806634d3b249541c30f979b4b0dce21
github.com/zitadel/zitadel/commit/8ca053fad3c5b831ec50f6cdc1386f3fb8b3f870
github.com/zitadel/zitadel/releases/tag/v2.37.3
github.com/zitadel/zitadel/releases/tag/v2.38.0
github.com/zitadel/zitadel/security/advisories/GHSA-v683-rcxx-vpff
Related
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
EPSS
Percentile
24.2%