x/vulndb: potential Go vuln in github.com/zitadel/zitadel: CVE-2024-32868 #2790

GoVulnBot · 2024-04-26T01:01:24Z

CVE-2024-32868 references github.com/zitadel/zitadel, which may be a Go module.

Description:
ZITADEL provides users the possibility to use Time-based One-Time-Password (TOTP) and One-Time-Password (OTP) through SMS and Email. While ZITADEL already gives administrators the option to define a Lockout Policy with a maximum amount of failed password check attempts, there was no such mechanism for (T)OTP checks. This issue has been patched in version 2.50.0.

References:

Cross references:

Module github.com/zitadel/zitadel appears in issue x/vulndb: potential Go vuln in github.com/zitadel/zitadel: CVE-2022-36051 #961 NOT_IMPORTABLE
Module github.com/zitadel/zitadel appears in issue x/vulndb: potential Go vuln in github.com/zitadel/zitadel: GHSA-6rrr-78xp-5jp8 #1489 NOT_IMPORTABLE
Module github.com/zitadel/zitadel appears in issue x/vulndb: potential Go vuln in github.com/zitadel/zitadel: CVE-2023-44399 #2107 EFFECTIVELY_PRIVATE
Module github.com/zitadel/zitadel appears in issue x/vulndb: potential Go vuln in github.com/zitadel/zitadel: CVE-2023-46238 #2155 EFFECTIVELY_PRIVATE
Module github.com/zitadel/zitadel appears in issue x/vulndb: potential Go vuln in github.com/zitadel/zitadel: GHSA-7h8m-vrxx-vr4m #2187 EFFECTIVELY_PRIVATE
Module github.com/zitadel/zitadel appears in issue x/vulndb: potential Go vuln in github.com/zitadel/zitadel: GHSA-2wmj-46rj-qm2w #2368 NOT_IMPORTABLE
Module github.com/zitadel/zitadel appears in issue x/vulndb: potential Go vuln in github.com/zitadel/zitadel: GHSA-hfrg-4jwr-jfpj #2655

See doc/triage.md for instructions on how to triage this report.

id: GO-ID-PENDING
modules:
    - module: github.com/zitadel/zitadel
      vulnerable_at: 1.87.5
      packages:
        - package: zitadel
summary: CVE-2024-32868 in github.com/zitadel/zitadel
cves:
    - CVE-2024-32868
references:
    - advisory: https://github.com/zitadel/zitadel/security/advisories/GHSA-7j7j-66cv-m239
    - web: https://github.com/zitadel/zitadel/releases/tag/v2.50.0
source:
    id: CVE-2024-32868

The text was updated successfully, but these errors were encountered:

gopherbot · 2024-04-30T15:57:57Z

Change https://go.dev/cl/582535 mentions this issue: data/reports: batch add unreviewed reports

tatianab · 2024-04-30T17:39:13Z

Duplicate of #2788

tatianab marked this as a duplicate of #2788 Apr 30, 2024

tatianab closed this as completed Apr 30, 2024

tatianab added the duplicate label Apr 30, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

x/vulndb: potential Go vuln in github.com/zitadel/zitadel: CVE-2024-32868 #2790

x/vulndb: potential Go vuln in github.com/zitadel/zitadel: CVE-2024-32868 #2790

GoVulnBot commented Apr 26, 2024

gopherbot commented Apr 30, 2024

tatianab commented Apr 30, 2024

x/vulndb: potential Go vuln in github.com/zitadel/zitadel: CVE-2024-32868 #2790

x/vulndb: potential Go vuln in github.com/zitadel/zitadel: CVE-2024-32868 #2790

Comments

GoVulnBot commented Apr 26, 2024

gopherbot commented Apr 30, 2024

tatianab commented Apr 30, 2024