1. Home
  2. CVE Database
  3. CVE-2024-32967
MEDIUM · 5.3

CVE-2024-32967

Zitadel is an open source identity management system. In case ZITADEL could not connect to the database, connection information including db name, username and db host name could be returned to the us...

Vulnerability Description

Zitadel is an open source identity management system. In case ZITADEL could not connect to the database, connection information including db name, username and db host name could be returned to the user. This has been addressed in all supported release branches in a point release. There is no workaround since a patch is already available. Users are advised to upgrade.

CVSS Score

5.3

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
LOW
Integrity
NONE
Availability
NONE

Affected Products

VendorProductVersions
ZitadelZitadel< 2.45.7

Related Weaknesses (CWE)

CWE-200

References

FAQ

What is CVE-2024-32967?

CVE-2024-32967 is a vulnerability with a CVSS score of 5.3 (MEDIUM). Zitadel is an open source identity management system. In case ZITADEL could not connect to the database, connection information including db name, username and db host name could be returned to the us...

How severe is CVE-2024-32967?

CVE-2024-32967 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2024-32967?

Check the references section above for vendor advisories and patch information. Affected products include: Zitadel Zitadel.