CVE-2024-28855
CVSS 3.1 Score 6.1 of 10 (medium)
Details
Summary
CVE-2024-28855 affects ZITADEL's open source authentication management software. The login UI was rendered with Go's `text/template` package instead of `html/template`; `text/template` substitutes values verbatim, so user-controlled input reached the HTML output without escaping. This allows an attacker to inject markup into the login screen, although the Content Security Policy that ZITADEL sets would prevent injected scripts from executing. The issue is fixed in versions 2.47.3, 2.46.1, 2.45.1, 2.44.3, 2.43.9, 2.42.15, and 2.41.15, and no workarounds exist for unpatched installations.
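The difference between the two packages, shown as an added example that is not ZITADEL's own code: a hypothetical login form fragment echoes a constructed login name through both `text/template` (the vulnerable pattern) and `html/template` (the fix).

```go
package main

import (
	"bytes"
	"fmt"
	htmltemplate "html/template"
	texttemplate "text/template"
)

// loginTmpl is a hypothetical fragment that echoes a user-controlled value
// into the login form; it stands in for ZITADEL's real templates.
const loginTmpl = `<input name="loginName" value="{{.LoginName}}">`

type loginData struct{ LoginName string }

// renderText reproduces the vulnerable pattern: text/template substitutes
// the value verbatim, so markup in loginName lands unescaped in the page.
func renderText(loginName string) (string, error) {
	t, err := texttemplate.New("login").Parse(loginTmpl)
	if err != nil {
		return "", err
	}
	var buf bytes.Buffer
	err = t.Execute(&buf, loginData{LoginName: loginName})
	return buf.String(), err
}

// renderHTML is the fix: html/template escapes the value for the HTML
// context it lands in (here a quoted attribute), so the markup is inert.
func renderHTML(loginName string) (string, error) {
	t, err := htmltemplate.New("login").Parse(loginTmpl)
	if err != nil {
		return "", err
	}
	var buf bytes.Buffer
	err = t.Execute(&buf, loginData{LoginName: loginName})
	return buf.String(), err
}

func main() {
	// Constructed sample: a login name that closes the attribute and adds a tag.
	sample := `"><b>x</b>`
	unsafe, _ := renderText(sample)
	safe, _ := renderHTML(sample)
	fmt.Println("text/template:", unsafe)
	fmt.Println("html/template:", safe)
}
```

With `text/template` the `<b>` tag survives into the output; with `html/template` the quote and angle brackets become `&#34;`, `&lt;` and `&gt;`.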
Affected Products
- Zitadel