Impact
In case ZITADEL could not connect to the database, connection information including db name, username and db host name could be returned to the user.
Patches
2.x versions are fixed on >= 2.50.3
2.49.x versions are fixed on >= 2.49.5
2.48.x versions are fixed on >= 2.48.5
2.47.x versions are fixed on >= 2.47.10
2.46.x versions are fixed on >= 2.46.7
2.45.x versions are fixed on >= 2.45.7
Workarounds
There is no workaround since a patch is already available.
Questions
If you have any questions or comments about this advisory, please email us at security@zitadel.com
Credits
Thanks to Shivam Tiwari for reprting this.
Impact
In case ZITADEL could not connect to the database, connection information including db name, username and db host name could be returned to the user.
Patches
2.x versions are fixed on >= 2.50.3
2.49.x versions are fixed on >= 2.49.5
2.48.x versions are fixed on >= 2.48.5
2.47.x versions are fixed on >= 2.47.10
2.46.x versions are fixed on >= 2.46.7
2.45.x versions are fixed on >= 2.45.7
Workarounds
There is no workaround since a patch is already available.
Questions
If you have any questions or comments about this advisory, please email us at security@zitadel.com
Credits
Thanks to Shivam Tiwari for reprting this.