zitadel — Vulnerabilities & Security Advisories (47)

Browse all 47 CVE security advisories affecting zitadel. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Zitadel is an open-source identity and access management platform designed to provide authentication, authorization, and user lifecycle management for modern applications. Its architecture supports multi-tenant environments, enabling organizations to manage user identities securely across diverse services. Historically, the platform has been associated with forty-seven recorded Common Vulnerabilities and Exposures (CVEs), reflecting a significant attack surface. These vulnerabilities predominantly involve privilege escalation, cross-site scripting, and improper access control mechanisms, allowing attackers to bypass authentication or access unauthorized resources. While no massive, widely publicized data breaches have been definitively attributed to these specific flaws, the high volume of CVEs indicates persistent security challenges in its codebase. Developers are urged to apply patches promptly, as the recurring nature of these issues suggests systemic weaknesses in input validation and permission handling that require rigorous maintenance and continuous security auditing to mitigate risks effectively.

Top products by zitadel: zitadel
CVE ID | Title | Product | CWE | CVSS | Severity | Published
CVE-2024-47000 | Service Users Deactivation not Working in Zitadel | zitadel | CWE-269 | 8.1 | High | 2024-09-19
CVE-2024-47060 | Unauthorized Access After Organization or Project Deactivation in Zitadel | zitadel | CWE-200 | 4.3 | Medium | 2024-09-19
CVE-2024-41953 | Zitadel improperly sanitizes HTML in emails and Console UI | zitadel | CWE-79 | 4.3 | Medium | 2024-07-31
CVE-2024-41952 | Zitadel has an "Ignoring unknown usernames" vulnerability | zitadel | CWE-203 | 5.3 | Medium | 2024-07-31
CVE-2024-39683 | ZITADEL Vulnerable to Session Information Leakage | zitadel | CWE-200 | 5.7 | Medium | 2024-07-03
CVE-2024-32967 | Zitadel exposes internal database user name and host information | zitadel | CWE-200 | 5.3 | Medium | 2024-05-01
CVE-2024-32868 | ZITADEL's Improper Lockout Mechanism Leads to MFA Bypass | zitadel | CWE-307 | 6.5 | Medium | 2024-04-25
CVE-2024-29892 | ZITADEL's actions can overload reserved claims | zitadel | CWE-863 | 6.1 | Medium | 2024-03-27
CVE-2024-29891 | ZITADEL Improper Content-Type Validation Leads to Account Takeover via Stored XSS + CSP Bypass | zitadel | CWE-434 | 8.7 | High | 2024-03-27
CVE-2024-28855 | ZITADEL vulnerable to improper HTML sanitization | zitadel | CWE-20 | 8.1 | High | 2024-03-18
CVE-2024-28197 | Account Takeover via Session Fixation in Zitadel [Bypassing MFA] | zitadel | CWE-269 | 7.5 | High | 2024-03-11
CVE-2023-49097 | ZITADEL vulnerable account takeover via malicious host header injection | zitadel | CWE-640 | 8.1 | High | 2023-11-30
CVE-2023-47111 | ZITADEL race condition in lockout policy execution | zitadel | CWE-362 | 7.3 | High | 2023-11-08
CVE-2023-46238 | XSS with User Avatar image in ZITADEL | zitadel | CWE-79 | 8.7 | High | 2023-10-26
CVE-2023-44399 | ZITADEL's password reset does not respect the "Ignoring unknown usernames" setting | zitadel | CWE-640 | 5.3 | Medium | 2023-10-10
CVE-2023-22492 | RefreshToken invalidation vulnerability | zitadel | CWE-613 | 5.9 | Medium | 2023-01-11
CVE-2022-36051 | Broken Authorization in ZITADEL Actions | zitadel | CWE-436 | 8.7 | High | 2022-08-31

This page lists every published CVE security advisory associated with zitadel. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.