CVE-2024-46999

CVSS 3.1 Score 7.3 of 10 (high)

Details

Published Sep 20, 2024
CWE ID 269

Summary

CVE-2024-46999 identifies a vulnerability in Zitadel, an open-source identity management platform, in which the user grant deactivation mechanism fails to function correctly, so that deactivated user grants are still included in issued tokens. Affected versions include 2.62.1, 2.61.1, 2.60.2, 2.59.3, 2.58.5, 2.57.5, 2.56.6, 2.55.8, and 2.54.10; users are advised to upgrade to mitigate this issue, or to manually remove the affected user grants if an upgrade is not possible. The vulnerability poses a high risk of unauthorized access to applications and resources due to improper privilege management (CWE-269). Its CVSS base score of 7.3 reflects significant impact on confidentiality and integrity; the vector is network-exploitable with low attack complexity and requires user interaction. To remediate this vulnerability effectively, organizations should apply the latest security updates provided by Zitadel as soon as possible to prevent breaches that could compromise sensitive information and systems within their infrastructure.
