x/vulndb: potential Go vuln in github.com/zitadel/zitadel: CVE-2024-47000 #3151

GoVulnBot · 2024-09-20T01:01:26Z

Advisory CVE-2024-47000 references a vulnerability in the following Go modules:

Module
github.com/zitadel/zitadel

Description:
Zitadel is an open source identity management platform. ZITADEL's user account deactivation mechanism did not work correctly with service accounts. Deactivated service accounts retained the ability to request tokens, which could lead to unauthorized access to applications and resources. Versions 2.62.1, 2.61.1, 2.60.2, 2.59.3, 2.58.5, 2.57.5, 2.56.6, 2.55.8, and 2.54.10 have been released which address this issue. Users are advised t upgrade. Users unable to upgrade may instead of deactivating the service account, consider creating new credentials and replacing the old ones wherever they are u...

References:

ADVISORY: https://nvd.nist.gov/vuln/detail/CVE-2024-47000
WEB: GHSA-qr2h-7pwm-h393

Cross references:

github.com/zitadel/zitadel appears in 15 other report(s):
- data/excluded/GO-2022-0961.yaml (x/vulndb: potential Go vuln in github.com/zitadel/zitadel: CVE-2022-36051 #961) NOT_IMPORTABLE
- data/excluded/GO-2023-1489.yaml (x/vulndb: potential Go vuln in github.com/zitadel/zitadel: GHSA-6rrr-78xp-5jp8 #1489) NOT_IMPORTABLE
- data/excluded/GO-2023-2107.yaml (x/vulndb: potential Go vuln in github.com/zitadel/zitadel: CVE-2023-44399 #2107) EFFECTIVELY_PRIVATE
- data/excluded/GO-2023-2155.yaml (x/vulndb: potential Go vuln in github.com/zitadel/zitadel: CVE-2023-46238 #2155) EFFECTIVELY_PRIVATE
- data/excluded/GO-2023-2187.yaml (x/vulndb: potential Go vuln in github.com/zitadel/zitadel: GHSA-7h8m-vrxx-vr4m #2187) EFFECTIVELY_PRIVATE
- data/excluded/GO-2023-2368.yaml (x/vulndb: potential Go vuln in github.com/zitadel/zitadel: GHSA-2wmj-46rj-qm2w #2368) NOT_IMPORTABLE
- data/reports/GO-2024-2637.yaml (x/vulndb: potential Go vuln in github.com/zitadel/zitadel: GHSA-mq4x-r2w3-j7mr #2637)
- data/reports/GO-2024-2655.yaml (x/vulndb: potential Go vuln in github.com/zitadel/zitadel: GHSA-hfrg-4jwr-jfpj #2655)
- data/reports/GO-2024-2664.yaml (x/vulndb: potential Go vuln in github.com/zitadel/zitadel: GHSA-gp8g-f42f-95q2 #2664)
- data/reports/GO-2024-2665.yaml (x/vulndb: potential Go vuln in github.com/zitadel/zitadel: GHSA-hr5w-cwwq-2v4m #2665)
- data/reports/GO-2024-2788.yaml (x/vulndb: potential Go vuln in github.com/zitadel/zitadel: GHSA-7j7j-66cv-m239 #2788)
- data/reports/GO-2024-2804.yaml (x/vulndb: potential Go vuln in github.com/zitadel/zitadel: CVE-2024-32967 #2804)
- data/reports/GO-2024-2968.yaml (x/vulndb: potential Go vuln in github.com/zitadel/zitadel: CVE-2024-39683 #2968)
- data/reports/GO-2024-3014.yaml (x/vulndb: potential Go vuln in github.com/zitadel/zitadel: CVE-2024-41952 #3014)
- data/reports/GO-2024-3015.yaml (x/vulndb: potential Go vuln in github.com/zitadel/zitadel: CVE-2024-41953 #3015)

See doc/quickstart.md for instructions on how to triage this report.

id: GO-ID-PENDING
modules:
    - module: github.com/zitadel/zitadel
      vulnerable_at: 1.87.5
summary: CVE-2024-47000 in github.com/zitadel/zitadel
cves:
    - CVE-2024-47000
references:
    - advisory: https://nvd.nist.gov/vuln/detail/CVE-2024-47000
    - web: https://github.com/zitadel/zitadel/security/advisories/GHSA-qr2h-7pwm-h393
source:
    id: CVE-2024-47000
    created: 2024-09-20T01:01:25.756053184Z
review_status: UNREVIEWED

The text was updated successfully, but these errors were encountered:

gopherbot · 2024-09-26T17:57:24Z

Change https://go.dev/cl/616059 mentions this issue: data/reports: add 13 unreviewed reports

tatianab · 2024-09-26T18:12:27Z

Duplicate of #3139

zpavlinovic added the triaged label Sep 20, 2024

tatianab added the duplicate label Sep 26, 2024

tatianab marked this as a duplicate of #3139 Sep 26, 2024

tatianab closed this as completed Sep 27, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

x/vulndb: potential Go vuln in github.com/zitadel/zitadel: CVE-2024-47000 #3151

x/vulndb: potential Go vuln in github.com/zitadel/zitadel: CVE-2024-47000 #3151

GoVulnBot commented Sep 20, 2024

gopherbot commented Sep 26, 2024

tatianab commented Sep 26, 2024

x/vulndb: potential Go vuln in github.com/zitadel/zitadel: CVE-2024-47000 #3151

x/vulndb: potential Go vuln in github.com/zitadel/zitadel: CVE-2024-47000 #3151

Comments

GoVulnBot commented Sep 20, 2024

gopherbot commented Sep 26, 2024

tatianab commented Sep 26, 2024