CVE - CVE-2024-39683

CVE-ID
CVE-2024-39683	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
ZITADEL is an open-source identity infrastructure tool. ZITADEL provides users the ability to list all user sessions of the current user agent (browser). Starting in version 2.53.0 and prior to versions 2.53.8, 2.54.5, and 2.55.1, due to a missing check, user sessions without that information (e.g. when created though the session service) were incorrectly listed exposing potentially other user's sessions. Versions 2.55.1, 2.54.5, and 2.53.8 contain a fix for the issue. There is no workaround since a patch is already available.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
MISC:https://discord.com/channels/927474939156643850/1254096852937347153 URL:https://discord.com/channels/927474939156643850/1254096852937347153 MISC:https://github.com/zitadel/zitadel/commit/4a262e42abac2208b02fefaf68ba1a5121649f04 URL:https://github.com/zitadel/zitadel/commit/4a262e42abac2208b02fefaf68ba1a5121649f04 MISC:https://github.com/zitadel/zitadel/commit/c2093ce01507ca8fc811609ff5d391693360c3da URL:https://github.com/zitadel/zitadel/commit/c2093ce01507ca8fc811609ff5d391693360c3da MISC:https://github.com/zitadel/zitadel/commit/d04f208486a418a45b884b9ca8433e5ad9790d73 URL:https://github.com/zitadel/zitadel/commit/d04f208486a418a45b884b9ca8433e5ad9790d73 MISC:https://github.com/zitadel/zitadel/issues/8213 URL:https://github.com/zitadel/zitadel/issues/8213 MISC:https://github.com/zitadel/zitadel/pull/8231 URL:https://github.com/zitadel/zitadel/pull/8231 MISC:https://github.com/zitadel/zitadel/releases/tag/v2.53.8 URL:https://github.com/zitadel/zitadel/releases/tag/v2.53.8 MISC:https://github.com/zitadel/zitadel/releases/tag/v2.54.5 URL:https://github.com/zitadel/zitadel/releases/tag/v2.54.5 MISC:https://github.com/zitadel/zitadel/releases/tag/v2.55.1 URL:https://github.com/zitadel/zitadel/releases/tag/v2.55.1 MISC:https://github.com/zitadel/zitadel/security/advisories/GHSA-cvw9-c57h-3397 URL:https://github.com/zitadel/zitadel/security/advisories/GHSA-cvw9-c57h-3397
Assigning CNA
GitHub (maintainer security advisories)
Date Record Created
20240627	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20240627)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)