x/vulndb: potential Go vuln in github.com/zitadel/zitadel: CVE-2024-32967

[GoVulnBot]

CVE-2024-32967 references github.com/zitadel/zitadel, which may be a Go module.

Description:
Zitadel is an open source identity management system. In case ZITADEL could not connect to the database, connection information including db name, username and db host name could be returned to the user. This has been addressed in all supported release branches in a point release. There is no workaround since a patch is already available. Users are advised to upgrade.

References:

• NIST: https://nvd.nist.gov/vuln/detail/CVE-2024-32967
• JSON: https://github.com/CVEProject/cvelist/tree/fc0ee70a93aca48ef4ff0316011ece3a0080e00c/2024/32xxx/CVE-2024-32967.json
• advisory: GHSA-q5qj-x2h5-3945
• fix: zitadel/zitadel@b918603
• web: https://github.com/zitadel/zitadel/releases/tag/v2.45.7
• web: https://github.com/zitadel/zitadel/releases/tag/v2.46.7
• web: https://github.com/zitadel/zitadel/releases/tag/v2.47.10
• web: https://github.com/zitadel/zitadel/releases/tag/v2.48.5
• web: https://github.com/zitadel/zitadel/releases/tag/v2.49.5
• web: https://github.com/zitadel/zitadel/releases/tag/v2.50.3
• Imported by: https://pkg.go.dev/github.com/zitadel/zitadel?tab=importedby

Cross references:

• Module github.com/zitadel/zitadel appears in issue x/vulndb: potential Go vuln in github.com/zitadel/zitadel: CVE-2022-36051 #961 NOT_IMPORTABLE
• Module github.com/zitadel/zitadel appears in issue x/vulndb: potential Go vuln in github.com/zitadel/zitadel: GHSA-6rrr-78xp-5jp8 #1489 NOT_IMPORTABLE
• Module github.com/zitadel/zitadel appears in issue x/vulndb: potential Go vuln in github.com/zitadel/zitadel: CVE-2023-44399 #2107 EFFECTIVELY_PRIVATE
• Module github.com/zitadel/zitadel appears in issue x/vulndb: potential Go vuln in github.com/zitadel/zitadel: CVE-2023-46238 #2155 EFFECTIVELY_PRIVATE
• Module github.com/zitadel/zitadel appears in issue x/vulndb: potential Go vuln in github.com/zitadel/zitadel: GHSA-7h8m-vrxx-vr4m #2187 EFFECTIVELY_PRIVATE
• Module github.com/zitadel/zitadel appears in issue x/vulndb: potential Go vuln in github.com/zitadel/zitadel: GHSA-2wmj-46rj-qm2w #2368 NOT_IMPORTABLE
• Module github.com/zitadel/zitadel appears in issue x/vulndb: potential Go vuln in github.com/zitadel/zitadel: GHSA-hfrg-4jwr-jfpj #2655

See doc/triage.md for instructions on how to triage this report.

id: GO-ID-PENDING
modules:
    - module: github.com/zitadel/zitadel
      vulnerable_at: 1.87.5
      packages:
        - package: zitadel
summary: CVE-2024-32967 in github.com/zitadel/zitadel
cves:
    - CVE-2024-32967
references:
    - advisory: https://github.com/zitadel/zitadel/security/advisories/GHSA-q5qj-x2h5-3945
    - fix: https://github.com/zitadel/zitadel/commit/b918603b576d156a08b90917c14c2d019c82ffc6
    - web: https://github.com/zitadel/zitadel/releases/tag/v2.45.7
    - web: https://github.com/zitadel/zitadel/releases/tag/v2.46.7
    - web: https://github.com/zitadel/zitadel/releases/tag/v2.47.10
    - web: https://github.com/zitadel/zitadel/releases/tag/v2.48.5
    - web: https://github.com/zitadel/zitadel/releases/tag/v2.49.5
    - web: https://github.com/zitadel/zitadel/releases/tag/v2.50.3
source:
    id: CVE-2024-32967