CVE-2024-28197
CVSS 3.1 Score 7.5 of 10 (high)
Details
Summary
CVE-2024-28197 is a vulnerability in Zitadel, the open-source identity management system. Zitadel sets a cookie named `__Secure-zitadel-useragent` to identify a user agent and tie it to its sessions. Although the cookie is set according to best practices, it was accessible on subdomains of the Zitadel instance. The `__Secure-` cookie name prefix only requires the Secure attribute; unlike `__Host-`, it does not stop a page on a subdomain from setting a cookie of the same name scoped to the parent domain. An attacker who already controls content on such a subdomain, for example through DNS control or a cross-site scripting (XSS) flaw there, could host a malicious link and trick a user into logging in through it. The attack only succeeds if the user is logged out or does not yet have the cookie.

Zitadel advises upgrading to the latest available versions, which contain the fix. Applying the patch invalidates the existing cookie, so users will have to start a new session. Self-hosted deployments that cannot upgrade should make sure the `__Secure-zitadel-useragent` cookie cannot be set on subdomains of the Zitadel instance, which in practice means keeping attacker-influenceable content off those subdomains.
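The following is an added example, not Zitadel's code and not the advisory's. It is a small model of browser cookie storage (RFC 6265 domain matching and Cookie-header ordering) with the RFC 6265bis `__Secure-` and `__Host-` prefix checks, written to show the mechanism the summary describes: a sibling subdomain can plant a same-named `__Secure-` cookie on the parent domain that the identity host then receives, a `__Host-` cookie cannot be widened that way, and a cookie the instance itself set earlier is sent ahead of the injected one. The hostnames `id.example.com` and `evil.example.com`, the cookie values, and the rule that the server reads the first cookie with a given name (what Go's `net/http` `Request.Cookie` does) are assumptions for the demonstration.

```javascript
// Added example: minimal browser cookie-jar model. Not Zitadel code; hostnames,
// cookie values and the "first cookie wins" server rule are assumptions.

// RFC 6265 section 5.1.3: host domain-matches domain if equal or ends with "." + domain.
function domainMatches(host, domain) {
  return host === domain || host.endsWith("." + domain);
}

// Parse one Set-Cookie header into the name/value and attributes this model needs.
function parseSetCookie(header) {
  const [pair, ...attrs] = header.split(";").map((s) => s.trim());
  const eq = pair.indexOf("=");
  const c = { name: pair.slice(0, eq), value: pair.slice(eq + 1),
              domain: null, path: "/", secure: false };
  for (const attr of attrs) {
    const [k, ...rest] = attr.split("=");
    const v = rest.join("=").trim();
    switch (k.trim().toLowerCase()) {
      case "domain": c.domain = v.replace(/^\./, "").toLowerCase(); break;
      case "path":   c.path = v || "/"; break;
      case "secure": c.secure = true; break;
    }
  }
  return c;
}

class CookieJar {
  constructor() { this.cookies = []; this.seq = 0; }

  // Rules a browser applies before storing a cookie set by originHost over https.
  // Returns the rejection reason, or null when the cookie was stored.
  store(originHost, header) {
    const c = parseSetCookie(header);
    if (c.domain !== null && !domainMatches(originHost, c.domain)) {
      return "Domain does not cover the setting host";
    }
    // "__Secure-" only demands the Secure attribute; a Domain attribute that
    // widens the cookie to the parent domain is still accepted.
    if (c.name.startsWith("__Secure-") && !c.secure) {
      return "__Secure- cookie without Secure";
    }
    // "__Host-" additionally forbids Domain and requires Path=/, so the cookie
    // can only ever be host-only for the host that set it.
    if (c.name.startsWith("__Host-") && (!c.secure || c.domain !== null || c.path !== "/")) {
      return "__Host- cookie must be Secure, host-only and Path=/";
    }
    const hostOnly = c.domain === null;
    const domain = hostOnly ? originHost : c.domain;
    // RFC 6265 section 5.3: same name, domain and path replaces the old cookie;
    // a host-only cookie and a parent-domain cookie do not collide.
    this.cookies = this.cookies.filter(
      (o) => !(o.name === c.name && o.domain === domain && o.path === c.path));
    this.cookies.push({ ...c, domain, hostOnly, created: this.seq++ });
    return null;
  }

  // Cookie header for an https request to host (RFC 6265 section 5.4): longer
  // paths first, and for equal paths the earlier-created cookie first.
  cookieHeader(host, path = "/") {
    return this.cookies
      .filter((c) => (c.hostOnly ? host === c.domain : domainMatches(host, c.domain)))
      .filter((c) => path.startsWith(c.path))
      .sort((a, b) => b.path.length - a.path.length || a.created - b.created)
      .map((c) => `${c.name}=${c.value}`)
      .join("; ");
  }
}

// Assumption: the server takes the first cookie with the wanted name when the
// request carries duplicates (Go's net/http Request.Cookie behaves this way).
function serverSeesValue(cookieHeader, name) {
  for (const part of cookieHeader.split("; ")) {
    if (part.startsWith(name + "=")) return part.slice(name.length + 1);
  }
  return null;
}

const IDP_HOST = "id.example.com";     // constructed: the identity provider host
const EVIL_HOST = "evil.example.com";  // constructed: attacker-controlled subdomain

// Victim has no useragent cookie yet; the subdomain plants one on the parent domain.
function subdomainInjection(prefix) {
  const name = prefix + "zitadel-useragent";
  const jar = new CookieJar();
  const rejection = jar.store(EVIL_HOST, `${name}=attacker-agent; Domain=example.com; Path=/; Secure`);
  return { rejection, sent: serverSeesValue(jar.cookieHeader(IDP_HOST), name) };
}

// Without Domain the attacker's cookie is host-only for evil.example.com and never reaches the IdP.
function siblingHostOnly(prefix) {
  const name = prefix + "zitadel-useragent";
  const jar = new CookieJar();
  const rejection = jar.store(EVIL_HOST, `${name}=attacker-agent; Path=/; Secure`);
  return { rejection, sent: serverSeesValue(jar.cookieHeader(IDP_HOST), name) };
}

// A cookie the IdP set earlier is ordered ahead of the injected one.
function existingCookieWins() {
  const name = "__Secure-zitadel-useragent";
  const jar = new CookieJar();
  jar.store(IDP_HOST, `${name}=victim-agent; Path=/; Secure`);
  jar.store(EVIL_HOST, `${name}=attacker-agent; Domain=example.com; Path=/; Secure`);
  return { sent: serverSeesValue(jar.cookieHeader(IDP_HOST), name) };
}
```

Running `subdomainInjection("__Secure-")` stores the attacker's cookie and delivers `attacker-agent` to `id.example.com`, while `subdomainInjection("__Host-")` is rejected at storage time and `siblingHostOnly("__Host-")` is stored but never sent to the identity host. `existingCookieWins()` shows the precondition from the summary: when the instance's own cookie is already present it is sent first, so the injected value is not the one a first-match server reads.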
Affected Products
- Zitadel