CVE-2024-29891

CVSS 3.1 Score 8.7 of 10 (high)

Details

Published Mar 27, 2024

Updated: Mar 28, 2024

CWE ID 434

Summary

CVE-2024-29891 is a vulnerability in ZITADEL that allows attackers to upload HTML disguised as an avatar image. If a victim directly opens the malicious image in their Firefox browser while having an active session in ZITADEL, an attacker could gain unauthorized access to their account. This issue impacts older versions of ZITADEL, specifically those before 2.48.3, 2.47.8, 2.46.5, 2.45.5, 2.44.7, 2.43.11, and 2.42.17, and has been resolved in these updates. Users are advised to apply these patches to mitigate the risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/vDuhPz
https://www.cve.org/CVERecord?id=CVE-2024-29891
https://nvd.nist.gov/vuln/detail/CVE-2024-29891

Back to Vulnerability Database

CVE-2024-29891

CVSS 3.1 Score 8.7 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations