Vulnerabilities > Zitadel
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-09-20 | CVE-2024-46999 | Unspecified vulnerability in Zitadel Zitadel is an open source identity management platform. | 6.5 |
| 2024-09-20 | CVE-2024-47000 | Unspecified vulnerability in Zitadel Zitadel is an open source identity management platform. | 7.5 |
| 2024-09-20 | CVE-2024-47060 | Incorrect Authorization vulnerability in Zitadel Zitadel is an open source identity management platform. | 6.5 |
| 2023-11-30 | CVE-2023-49097 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in Zitadel ZITADEL is an identity infrastructure system. | 8.8 |
| 2023-11-08 | CVE-2023-47111 | Race Condition vulnerability in Zitadel ZITADEL provides identity infrastructure. | 3.7 |
| 2023-10-26 | CVE-2023-46238 | Cross-site Scripting vulnerability in Zitadel ZITADEL is an identity infrastructure management system. | 5.4 |
| 2023-10-10 | CVE-2023-44399 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in Zitadel ZITADEL provides identity infrastructure. | 5.3 |
| 2023-01-11 | CVE-2023-22492 | Insufficient Session Expiration vulnerability in Zitadel ZITADEL is a combination of Auth0 and Keycloak. | 5.9 |
| 2022-08-31 | CVE-2022-36051 | Incorrect Authorization vulnerability in Zitadel ZITADEL combines the ease of Auth0 and the versatility of Keycloak.**Actions**, introduced in ZITADEL **1.42.0** on the API and **1.56.0** for Console, is a feature, where users with role.`ORG_OWNER` are able to create Javascript Code, which is invoked by the system at certain points during the login. | 8.8 |