Zitadel Vulnerabilities

This vulnerability allows an attacker to create new accounts or log in with a password, even if those options are supposed to be disabled by the organization. It affects versions 4.0.0 to 4.12.0 of the Zitadel identity management platform, and users must be able to access the login interface to exploit this issue.

This vulnerability allows an attacker to take over user accounts by exploiting a flaw in Zitadel's login system, specifically through a default redirect link. It affects versions 4.0.0 to 4.11.1, so users need to upgrade to version 4.12.0 to protect themselves.

This vulnerability allows an attacker to take over user accounts by exploiting a flaw in Zitadel's login interface, specifically through a cross-site scripting (XSS) attack on the /saml-post endpoint. It affects versions 4.0.0 to 4.11.1, and users should upgrade to version 4.12.0 to protect against this critical issue.

An attacker can exploit a flaw in ZITADEL's password reset process to potentially intercept or manipulate the confirmation link sent to users, allowing them to reset passwords without authorization. This vulnerability affects versions from 4.0.0-rc.1 to 4.7.0 and requires the attacker to be able to send requests that include specific headers to the server.