Zitadel

Zitadel

27 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5.3

CVE-2025-57770

  • EPSS 0.07%
  • Veröffentlicht 22.08.2025 16:50:35
  • Zuletzt bearbeitet 27.08.2025 19:12:57

The open-source identity infrastructure software Zitadel allows administrators to disable the user self-registration. Versions 4.0.0 to 4.0.2, 3.0.0 to 3.3.6, and all versions prior to 2.71.15 are vulnerable to a username enumeration issue in the log...

8.8

CVE-2025-53895

  • EPSS 0.07%
  • Veröffentlicht 15.07.2025 16:39:00
  • Zuletzt bearbeitet 26.08.2025 17:52:08

ZITADEL is an open source identity management system. Starting in version 2.53.0 and prior to versions 4.0.0-rc.2, 3.3.2, 2.71.13, and 2.70.14, vulnerability in ZITADEL's session management API allows any authenticated user to update a session if the...

8.8

CVE-2025-48936

  • EPSS 0.13%
  • Veröffentlicht 30.05.2025 06:30:57
  • Zuletzt bearbeitet 04.06.2025 18:31:41

Zitadel is open-source identity infrastructure software. Prior to versions 2.70.12, 2.71.10, and 3.2.2, a potential vulnerability exists in the password reset mechanism. ZITADEL utilizes the Forwarded or X-Forwarded-Host header from incoming requests...

8

CVE-2025-46815

  • EPSS 0.05%
  • Veröffentlicht 06.05.2025 17:13:53
  • Zuletzt bearbeitet 26.08.2025 16:02:35

The identity infrastructure software ZITADEL offers developers the ability to manage user sessions using the Session API. This API enables the use of IdPs for authentication, known as idp intents. Following a successful idp intent, the client receive...

5.3

CVE-2025-31124

  • EPSS 0.08%
  • Veröffentlicht 31.03.2025 20:15:15
  • Zuletzt bearbeitet 26.08.2025 17:15:41

Zitadel is open-source identity infrastructure software. ZITADEL administrators can enable a setting called "Ignoring unknown usernames" which helps mitigate attacks that try to guess/enumerate usernames. If enabled, ZITADEL will show the password pr...

8.7

CVE-2025-31123

  • EPSS 0.09%
  • Veröffentlicht 31.03.2025 20:15:15
  • Zuletzt bearbeitet 26.08.2025 17:13:31

Zitadel is open-source identity infrastructure software. A vulnerability existed where expired keys can be used to retrieve tokens. Specifically, ZITADEL fails to properly check the expiration date of the JWT key when used for Authorization Grants. T...

9

CVE-2025-27507

  • EPSS 0.3%
  • Veröffentlicht 04.03.2025 17:15:20
  • Zuletzt bearbeitet 26.08.2025 17:15:22

The open-source identity infrastructure software Zitadel allows administrators to disable the user self-registration. ZITADEL's Admin API contains Insecure Direct Object Reference (IDOR) vulnerabilities that allow authenticated users, without specifi...

4.9

CVE-2024-49757

  • EPSS 3.06%
  • Veröffentlicht 25.10.2024 15:15:18
  • Zuletzt bearbeitet 26.08.2025 16:31:17

The open-source identity infrastructure software Zitadel allows administrators to disable the user self-registration. Due to a missing security check in versions prior to 2.64.0, 2.63.5, 2.62.7, 2.61.4, 2.60.4, 2.59.5, and 2.58.7, disabling the "User...

9.1

CVE-2024-49753

Exploit
  • EPSS 0.31%
  • Veröffentlicht 25.10.2024 14:15:12
  • Zuletzt bearbeitet 26.08.2025 16:28:04

Zitadel is open-source identity infrastructure software. Versions prior to 2.64.1, 2.63.6, 2.62.8, 2.61.4, 2.60.4, 2.59.5, and 2.58.7 have a flaw in the URL validation mechanism of Zitadel actions allows bypassing restrictions intended to block reque...

6.5

CVE-2024-47060

  • EPSS 0.05%
  • Veröffentlicht 20.09.2024 00:15:03
  • Zuletzt bearbeitet 25.09.2024 16:43:47

Zitadel is an open source identity management platform. In Zitadel, even after an organization is deactivated, associated projects, respectively their applications remain active. Users across other organizations can still log in and access through th...