Vulnerability Report: GO-2024-3217

CVE-2024-49757, GHSA-3rmw-76m6-4gjc
Affects: github.com/zitadel/zitadel
Published: Oct 28, 2024

User Registration Bypass in Zitadel in github.com/zitadel/zitadel. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. (If this is causing false-positive reports from vulnerability scanners, please suggest an edit to the report.) The additional affected modules and versions are: github.com/zitadel/zitadel before v2.58.7, from v2.59.0 before v2.59.5, from v2.60.0 before v2.60.4, from v2.61.0 before v2.61.4, from v2.62.0 before v2.62.7, from v2.63.0 before v2.63.5.

For detailed information about this vulnerability, visit https://github.com/zitadel/zitadel/security/advisories/GHSA-3rmw-76m6-4gjc or https://nvd.nist.gov/vuln/detail/CVE-2024-49757.

Affected Packages

Path

Versions

Symbols

Aliases

CVE-2024-49757
GHSA-3rmw-76m6-4gjc

References

https://github.com/zitadel/zitadel/security/advisories/GHSA-3rmw-76m6-4gjc
https://nvd.nist.gov/vuln/detail/CVE-2024-49757
https://github.com/zitadel/zitadel/releases/tag/v2.58.7
https://github.com/zitadel/zitadel/releases/tag/v2.59.5
https://github.com/zitadel/zitadel/releases/tag/v2.60.4
https://github.com/zitadel/zitadel/releases/tag/v2.61.4
https://github.com/zitadel/zitadel/releases/tag/v2.62.7
https://github.com/zitadel/zitadel/releases/tag/v2.63.5
https://github.com/zitadel/zitadel/releases/tag/v2.64.0
https://vuln.go.dev/ID/GO-2024-3217.json

Feedback

See anything missing or incorrect? Suggest an edit to this report.

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL