GO-2024-3138

See a problem?
Please try reporting it to the source first.

Source

https://pkg.go.dev/vuln/GO-2024-3138

Import Source

https://vuln.go.dev/ID/GO-2024-3138.json

JSON Data

https://api.osv.dev/v1/vulns/GO-2024-3138

Aliases

CVE-2024-47060
GHSA-jj94-6f5c-65r8

Published

2024-09-26T18:24:03Z

Modified

2024-09-26T18:57:35.112925Z

Summary

ZITADEL Allows Unauthorized Access After Organization or Project Deactivation in github.com/zitadel/zitadel

Details

ZITADEL Allows Unauthorized Access After Organization or Project Deactivation in github.com/zitadel/zitadel.

NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions.

(If this is causing false-positive reports from vulnerability scanners, please suggest an edit to the report.)

The additional affected modules and versions are: github.com/zitadel/zitadel before v2.54.10, from v2.55.0 before v2.55.8, from v2.56.0 before v2.56.6, from v2.57.0 before v2.57.5, from v2.58.0 before v2.58.5, from v2.59.0 before v2.59.3, from v2.60.0 before v2.60.2, from v2.61.0 before v2.61.1, from v2.62.0 before v2.62.1.

Database specific

{
    "review_status": "UNREVIEWED",
    "url": "https://pkg.go.dev/vuln/GO-2024-3138"
}

References

Affected packages

Go / github.com/zitadel/zitadel

Package

Name: github.com/zitadel/zitadel; View open source insights on deps.dev
Purl: pkg:golang/github.com/zitadel/zitadel

Affected ranges

Type: SEMVER
Events: Introduced

0Unknown introduced version / All previous versions are affected

Ecosystem specific

{
    "custom_ranges": [
        {
            "events": [
                {
                    "introduced": "0"
                },
                {
                    "fixed": "2.54.10"
                },
                {
                    "introduced": "2.55.0"
                },
                {
                    "fixed": "2.55.8"
                },
                {
                    "introduced": "2.56.0"
                },
                {
                    "fixed": "2.56.6"
                },
                {
                    "introduced": "2.57.0"
                },
                {
                    "fixed": "2.57.5"
                },
                {
                    "introduced": "2.58.0"
                },
                {
                    "fixed": "2.58.5"
                },
                {
                    "introduced": "2.59.0"
                },
                {
                    "fixed": "2.59.3"
                },
                {
                    "introduced": "2.60.0"
                },
                {
                    "fixed": "2.60.2"
                },
                {
                    "introduced": "2.61.0"
                },
                {
                    "fixed": "2.61.1"
                },
                {
                    "introduced": "2.62.0"
                },
                {
                    "fixed": "2.62.1"
                }
            ],
            "type": "ECOSYSTEM"
        }
    ]
}