x/vulndb: potential Go vuln in github.com/zitadel/zitadel: CVE-2024-32967

[GoVulnBot]

CVE-2024-32967 references github.com/zitadel/zitadel, which may be a Go module.

Description:
Zitadel is an open source identity management system. In case ZITADEL could not connect to the database, connection information including db name, username and db host name could be returned to the user. This has been addressed in all supported release branches in a point release. There is no workaround since a patch is already available. Users are advised to upgrade.

References:

• NIST: https://nvd.nist.gov/vuln/detail/CVE-2024-32967
• JSON: https://github.com/CVEProject/cvelist/tree/fc0ee70a93aca48ef4ff0316011ece3a0080e00c/2024/32xxx/CVE-2024-32967.json
• advisory: GHSA-q5qj-x2h5-3945
• fix: zitadel/zitadel@b918603
• web: https://github.com/zitadel/zitadel/releases/tag/v2.45.7
• web: https://github.com/zitadel/zitadel/releases/tag/v2.46.7
• web: https://github.com/zitadel/zitadel/releases/tag/v2.47.10
• web: https://github.com/zitadel/zitadel/releases/tag/v2.48.5
• web: https://github.com/zitadel/zitadel/releases/tag/v2.49.5
• web: https://github.com/zitadel/zitadel/releases/tag/v2.50.3
• Imported by: https://pkg.go.dev/github.com/zitadel/zitadel?tab=importedby

Cross references:

• Module github.com/zitadel/zitadel appears in issue x/vulndb: potential Go vuln in github.com/zitadel/zitadel: CVE-2022-36051 #961 NOT_IMPORTABLE
• Module github.com/zitadel/zitadel appears in issue x/vulndb: potential Go vuln in github.com/zitadel/zitadel: GHSA-6rrr-78xp-5jp8 #1489 NOT_IMPORTABLE
• Module github.com/zitadel/zitadel appears in issue x/vulndb: potential Go vuln in github.com/zitadel/zitadel: CVE-2023-44399 #2107 EFFECTIVELY_PRIVATE
• Module github.com/zitadel/zitadel appears in issue x/vulndb: potential Go vuln in github.com/zitadel/zitadel: CVE-2023-46238 #2155 EFFECTIVELY_PRIVATE
• Module github.com/zitadel/zitadel appears in issue x/vulndb: potential Go vuln in github.com/zitadel/zitadel: GHSA-7h8m-vrxx-vr4m #2187 EFFECTIVELY_PRIVATE
• Module github.com/zitadel/zitadel appears in issue x/vulndb: potential Go vuln in github.com/zitadel/zitadel: GHSA-2wmj-46rj-qm2w #2368 NOT_IMPORTABLE
• Module github.com/zitadel/zitadel appears in issue x/vulndb: potential Go vuln in github.com/zitadel/zitadel: GHSA-hfrg-4jwr-jfpj #2655

See doc/triage.md for instructions on how to triage this report.

id: GO-ID-PENDING
modules:
    - module: github.com/zitadel/zitadel
      vulnerable_at: 1.87.5
      packages:
        - package: zitadel
summary: CVE-2024-32967 in github.com/zitadel/zitadel
cves:
    - CVE-2024-32967
references:
    - advisory: https://github.com/zitadel/zitadel/security/advisories/GHSA-q5qj-x2h5-3945
    - fix: https://github.com/zitadel/zitadel/commit/b918603b576d156a08b90917c14c2d019c82ffc6
    - web: https://github.com/zitadel/zitadel/releases/tag/v2.45.7
    - web: https://github.com/zitadel/zitadel/releases/tag/v2.46.7
    - web: https://github.com/zitadel/zitadel/releases/tag/v2.47.10
    - web: https://github.com/zitadel/zitadel/releases/tag/v2.48.5
    - web: https://github.com/zitadel/zitadel/releases/tag/v2.49.5
    - web: https://github.com/zitadel/zitadel/releases/tag/v2.50.3
source:
    id: CVE-2024-32967

[gopherbot]

Change https://go.dev/cl/590277 mentions this issue: data/reports: add 26 unreviewed reports