CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
AI Score
Confidence
Low
EPSS
Percentile
20.4%
github.com/zitadel/zitadel is vulnerable to a Race Condition. The vulnerability is caused by a failure to correctly handle multiple parallel password checks while counting failed password check attempts. This can allow an attacker to try more password combinations than permitted, exceeding the maximum number of failed password checks defined in the Lockout Policy.
github.com/advisories/GHSA-7h8m-vrxx-vr4m
github.com/zitadel/zitadel/commit/22e2d5599918864877e054ebe82fb834a5aa1077
github.com/zitadel/zitadel/commit/2796b45a81a012df7ffedceb65c1bd8157868bed
github.com/zitadel/zitadel/commit/393f711ca7f94dbd7805fd99df2a0eea58fd7aaf
github.com/zitadel/zitadel/releases/tag/v2.38.3
github.com/zitadel/zitadel/releases/tag/v2.40.5
github.com/zitadel/zitadel/security/advisories/GHSA-7h8m-vrxx-vr4m