Solution
No solution given by the vendor.
Workaround
No workaround given by the vendor.
Tue, 26 Aug 2025 16:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
CPEs | cpe:2.3:a:zitadel:zitadel:*:*:*:*:*:*:*:* |
Fri, 25 Oct 2024 17:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics | ssvc |
Fri, 25 Oct 2024 14:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | The open-source identity infrastructure software Zitadel allows administrators to disable the user self-registration. Due to a missing security check in versions prior to 2.64.0, 2.63.5, 2.62.7, 2.61.4, 2.60.4, 2.59.5, and 2.58.7, disabling the "User Registration allowed" option only hid the registration button on the login page. Users could bypass this restriction by directly accessing the registration URL (/ui/login/loginname) and register a user that way. Versions 2.64.0, 2.63.5, 2.62.7, 2.61.4, 2.60.4, 2.59.5, and 2.58.7 contain a patch. No known workarounds are available. | |
Title | Zitadel User Registration Bypass Vulnerability | |
Weaknesses | CWE-287 | |
References | | |
Metrics | cvssV3_1 |

Status: PUBLISHED
Assigner: GitHub_M
Published:
Updated: 2024-10-25T16:14:16.296Z
Reserved: 2024-10-18T13:43:23.454Z
Link: CVE-2024-49757

Updated: 2024-10-25T16:13:10.874Z

Status: Analyzed
Published: 2024-10-25T15:15:18.957
Modified: 2025-08-26T16:31:17.563
Link: CVE-2024-49757

No data.

Updated: 2025-07-12T23:05:53Z