CVE-2024-28855
unknown
CVSS v3: —
CVSS v2: —
VIR risk: —
Description
XSS in github.com/zitadel/zitadel
Predictions
Exploit likelihood: 30%
Patch ETA: —
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
No vendor mitigations ingested yet for this CVE. See the references list below.
Package impact
| Ecosystem | Package | Vulnerable | Fixed |
|---|---|---|---|
| Go | github.com/zitadel/zitadel | >=1.80.1,<2.41.15 | 2.41.15 |
| Go | github.com/zitadel/zitadel | >=2.42.0,<2.42.15 | 2.42.15 |
| Go | github.com/zitadel/zitadel | >=2.43.0,<2.43.9 | 2.43.9 |
| Go | github.com/zitadel/zitadel | >=2.44.0,<2.44.3 | 2.44.3 |
| Go | github.com/zitadel/zitadel | >=2.45.0,<2.45.1 | 2.45.1 |
| Go | github.com/zitadel/zitadel | >=2.46.0,<2.46.1 | 2.46.1 |
| Go | github.com/zitadel/zitadel | >=2.47.0,<2.47.4 | 2.47.4 |
| Go | github.com/zitadel/zitadel | <0.0.0-20240311065202-07ec2efa9dc6 | 0.0.0-20240311065202-07ec2efa9dc6 |
| Go | github.com/zitadel/zitadel | >=0.0.0,<1.80.0-v2.20.0.20240311065202-07ec2efa9dc6 | 1.80.0-v2.20.0.20240311065202-07ec2efa9dc6 |
| Go | github.com/zitadel/zitadel | <1.80.0-v2.20.0.20240312162750-5908b97e7c22 | 1.80.0-v2.20.0.20240312162750-5908b97e7c22 |
References
- https://github.com/zitadel/zitadel/security/advisories/GHSA-hfrg-4jwr-jfpj
- https://nvd.nist.gov/vuln/detail/CVE-2024-28855
- https://github.com/zitadel/zitadel/commit/07ec2efa9dc62f7a6c3a58c112b2879d24bc3e3c
- https://github.com/zitadel/zitadel
- https://github.com/zitadel/zitadel/releases/tag/v2.41.15
- https://github.com/zitadel/zitadel/releases/tag/v2.42.15
- https://github.com/zitadel/zitadel/releases/tag/v2.43.9
- https://github.com/zitadel/zitadel/releases/tag/v2.44.3
- https://github.com/zitadel/zitadel/releases/tag/v2.45.1
- https://github.com/zitadel/zitadel/releases/tag/v2.46.1
- https://github.com/zitadel/zitadel/releases/tag/v2.47.3