CVE-2024-32967

May 1, 2024, 1:01 p.m.

5.3
Medium

Description

Zitadel is an open source identity management system. In case ZITADEL could not connect to the database, connection information including db name, username and db host name could be returned to the user. This has been addressed in all supported release branches in a point release. There is no workaround since a patch is already available. Users are advised to upgrade.

Product(s) Impacted

Product Versions
Zitadel
Zitadel
  • UNKNOWN

Weaknesses

Common security weaknesses mapped to this vulnerability.

References

https://github.com/zitadel/zitadel/commit/b918603b576d156a08b90917c14c2d019c82ffc6
https://github.com/zitadel/zitadel/releases/tag/v2.45.7
https://github.com/zitadel/zitadel/releases/tag/v2.46.7
https://github.com/zitadel/zitadel/releases/tag/v2.47.10
https://github.com/zitadel/zitadel/releases/tag/v2.48.5
https://github.com/zitadel/zitadel/releases/tag/v2.49.5
https://github.com/zitadel/zitadel/releases/tag/v2.50.3
https://github.com/zitadel/zitadel/security/advisories/GHSA-q5qj-x2h5-3945

Tags

2024-05-01
security-advisories@github.com
CWE-200
CVE-2024-32967

CVSS Score

5.3 / 10

CVSS Data - 3.1

  • Attack Vector: NETWORK
  • Attack Complexity: LOW
  • Privileges Required: NONE
  • Scope: UNCHANGED
  • Confidentiality Impact: LOW
  • Integrity Impact: NONE
  • Availability Impact: NONE

    • CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

    View Vector String

Timeline

Published: May 1, 2024, 7:15 a.m.
Last Modified: May 1, 2024, 1:01 p.m.

Status : Awaiting Analysis

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

security-advisories@github.com

*Disclaimer: Some vulnerabilities do not have an associated CPE. To enhance the data, we use AI to infer CPEs based on CVE details. This is an automated process and might not always be accurate.