x/vulndb: potential Go vuln in github.com/zitadel/zitadel: CVE-2024-47060

[GoVulnBot]

Advisory CVE-2024-47060 references a vulnerability in the following Go modules:

Module
github.com/zitadel/zitadel

Description:
Zitadel is an open source identity management platform. In Zitadel, even after an organization is deactivated, associated projects, respectively their applications remain active. Users across other organizations can still log in and access through these applications, leading to unauthorized access. Additionally, if a project was deactivated access to applications was also still possible. The issue stems from the fact that when an organization is deactivated in Zitadel, the applications associated with it do not automatically deactivate. The application lifecycle is not tightly coupled with the...

References:

• ADVISORY: https://nvd.nist.gov/vuln/detail/CVE-2024-47060
• WEB: GHSA-jj94-6f5c-65r8

Cross references:

• github.com/zitadel/zitadel appears in 15 other report(s):
  • data/excluded/GO-2022-0961.yaml (x/vulndb: potential Go vuln in github.com/zitadel/zitadel: CVE-2022-36051 #961) NOT_IMPORTABLE
  • data/excluded/GO-2023-1489.yaml (x/vulndb: potential Go vuln in github.com/zitadel/zitadel: GHSA-6rrr-78xp-5jp8 #1489) NOT_IMPORTABLE
  • data/excluded/GO-2023-2107.yaml (x/vulndb: potential Go vuln in github.com/zitadel/zitadel: CVE-2023-44399 #2107) EFFECTIVELY_PRIVATE
  • data/excluded/GO-2023-2155.yaml (x/vulndb: potential Go vuln in github.com/zitadel/zitadel: CVE-2023-46238 #2155) EFFECTIVELY_PRIVATE
  • data/excluded/GO-2023-2187.yaml (x/vulndb: potential Go vuln in github.com/zitadel/zitadel: GHSA-7h8m-vrxx-vr4m #2187) EFFECTIVELY_PRIVATE
  • data/excluded/GO-2023-2368.yaml (x/vulndb: potential Go vuln in github.com/zitadel/zitadel: GHSA-2wmj-46rj-qm2w #2368) NOT_IMPORTABLE
  • data/reports/GO-2024-2637.yaml (x/vulndb: potential Go vuln in github.com/zitadel/zitadel: GHSA-mq4x-r2w3-j7mr #2637)
  • data/reports/GO-2024-2655.yaml (x/vulndb: potential Go vuln in github.com/zitadel/zitadel: GHSA-hfrg-4jwr-jfpj #2655)
  • data/reports/GO-2024-2664.yaml (x/vulndb: potential Go vuln in github.com/zitadel/zitadel: GHSA-gp8g-f42f-95q2 #2664)
  • data/reports/GO-2024-2665.yaml (x/vulndb: potential Go vuln in github.com/zitadel/zitadel: GHSA-hr5w-cwwq-2v4m #2665)
  • data/reports/GO-2024-2788.yaml (x/vulndb: potential Go vuln in github.com/zitadel/zitadel: GHSA-7j7j-66cv-m239 #2788)
  • data/reports/GO-2024-2804.yaml (x/vulndb: potential Go vuln in github.com/zitadel/zitadel: CVE-2024-32967 #2804)
  • data/reports/GO-2024-2968.yaml (x/vulndb: potential Go vuln in github.com/zitadel/zitadel: CVE-2024-39683 #2968)
  • data/reports/GO-2024-3014.yaml (x/vulndb: potential Go vuln in github.com/zitadel/zitadel: CVE-2024-41952 #3014)
  • data/reports/GO-2024-3015.yaml (x/vulndb: potential Go vuln in github.com/zitadel/zitadel: CVE-2024-41953 #3015)

See doc/quickstart.md for instructions on how to triage this report.

id: GO-ID-PENDING
modules:
    - module: github.com/zitadel/zitadel
      vulnerable_at: 1.87.5
summary: CVE-2024-47060 in github.com/zitadel/zitadel
cves:
    - CVE-2024-47060
references:
    - advisory: https://nvd.nist.gov/vuln/detail/CVE-2024-47060
    - web: https://github.com/zitadel/zitadel/security/advisories/GHSA-jj94-6f5c-65r8
source:
    id: CVE-2024-47060
    created: 2024-09-20T01:01:26.812785405Z
review_status: UNREVIEWED

[gopherbot]

Change https://go.dev/cl/616059 mentions this issue: data/reports: add 13 unreviewed reports

[tatianab]

Duplicate of #3138