CVE-2024-39683

Published: 2024-07-03T20:15Z
Last Modified: 2025-01-08T18:24Z
Source: MITRE CVE List
License: MITRE-CVE-TOS
ZITADEL is an open-source identity infrastructure tool. ZITADEL provides users the ability to list all user sessions of the current user agent (browser). Starting in version 2.53.0 and prior to versions 2.53.8, 2.54.5, and 2.55.1, due to a missing check, user sessions without user agent information (e.g. when created through the session service) were incorrectly listed, potentially exposing other users' sessions. Versions 2.55.1, 2.54.5, and 2.53.8 contain a fix for the issue. There is no workaround since a patch is already available.