x/vulndb: potential Go vuln in github.com/zitadel/zitadel: GHSA-7j7j-66cv-m239 #2788
Description
In GitHub Security Advisory GHSA-7j7j-66cv-m239, there is a vulnerability in the following Go packages or modules:
| Unit | Fixed | Vulnerable Ranges |
|---|---|---|
| github.com/zitadel/zitadel | 2.50.0 | < 2.50.0 |
Cross references:
- Module github.com/zitadel/zitadel appears in issue x/vulndb: potential Go vuln in github.com/zitadel/zitadel: CVE-2022-36051 #961 NOT_IMPORTABLE
- Module github.com/zitadel/zitadel appears in issue x/vulndb: potential Go vuln in github.com/zitadel/zitadel: GHSA-6rrr-78xp-5jp8 #1489 NOT_IMPORTABLE
- Module github.com/zitadel/zitadel appears in issue x/vulndb: potential Go vuln in github.com/zitadel/zitadel: CVE-2023-44399 #2107 EFFECTIVELY_PRIVATE
- Module github.com/zitadel/zitadel appears in issue x/vulndb: potential Go vuln in github.com/zitadel/zitadel: CVE-2023-46238 #2155 EFFECTIVELY_PRIVATE
- Module github.com/zitadel/zitadel appears in issue x/vulndb: potential Go vuln in github.com/zitadel/zitadel: GHSA-7h8m-vrxx-vr4m #2187 EFFECTIVELY_PRIVATE
- Module github.com/zitadel/zitadel appears in issue x/vulndb: potential Go vuln in github.com/zitadel/zitadel: GHSA-2wmj-46rj-qm2w #2368 NOT_IMPORTABLE
- Module github.com/zitadel/zitadel appears in issue x/vulndb: potential Go vuln in github.com/zitadel/zitadel: GHSA-hfrg-4jwr-jfpj #2655
See doc/triage.md for instructions on how to triage this report.
modules:
- module: github.com/zitadel/zitadel
versions:
- fixed: 2.50.0
packages:
- package: github.com/zitadel/zitadel
summary: ZITADEL's Improper Lockout Mechanism Leads to MFA Bypass in github.com/zitadel/zitadel
cves:
- CVE-2024-32868
ghsas:
- GHSA-7j7j-66cv-m239
references:
- advisory: https://github.com/zitadel/zitadel/security/advisories/GHSA-7j7j-66cv-m239
- advisory: https://github.com/advisories/GHSA-7j7j-66cv-m239
source:
id: GHSA-7j7j-66cv-m239