GHSA-q5qj-x2h5-3945
GitHub Security Advisory
Zitadel exposing internal database user name and host information
Advisory Details
### Impact
If ZITADEL could not connect to the database, connection information, including the database name, username and database host name, could be returned to the user.
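The class of leak described above, with a regression check for it, as an added example that is not ZITADEL's code or its actual fix. The handler names, `dbConfig`, the sample host, user and database values, and the error text are all constructed for illustration.

```go
package main

import (
	"fmt"
	"log"
	"net/http"
	"net/http/httptest"
	"strings"
)

// dbConfig holds constructed sample values, not taken from any real deployment.
type dbConfig struct{ Host, User, Database string }

var cfg = dbConfig{Host: "db-internal.example", User: "app_user", Database: "appdb"}

// connect simulates an unreachable database. The error text is constructed,
// shaped like driver errors that embed the connection parameters.
func connect(c dbConfig) error {
	return fmt.Errorf("failed to connect to host=%s user=%s database=%s: connection refused",
		c.Host, c.User, c.Database)
}

// leakyHandler returns the raw error to the caller: the pattern to avoid.
func leakyHandler(w http.ResponseWriter, _ *http.Request) {
	if err := connect(cfg); err != nil {
		http.Error(w, err.Error(), http.StatusInternalServerError)
	}
}

// safeHandler keeps the detail in the server log and returns a fixed message.
func safeHandler(w http.ResponseWriter, _ *http.Request) {
	if err := connect(cfg); err != nil {
		log.Printf("database unavailable: %v", err)
		http.Error(w, "service temporarily unavailable", http.StatusServiceUnavailable)
	}
}

// leakedFields reports which connection parameters appear in a response body.
func leakedFields(h http.HandlerFunc) []string {
	rec := httptest.NewRecorder()
	h(rec, httptest.NewRequest(http.MethodGet, "/", nil))
	var found []string
	for _, p := range [][2]string{{"host", cfg.Host}, {"user", cfg.User}, {"database", cfg.Database}} {
		if strings.Contains(rec.Body.String(), p[1]) {
			found = append(found, p[0])
		}
	}
	return found
}
```

A check like `leakedFields` can run in CI against error paths so that a response containing configured connection values fails the build.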
### Patches
- 2.x versions are fixed on >= [2.50.3](https://github.com/zitadel/zitadel/releases/tag/v2.50.3)
- 2.49.x versions are fixed on >= [2.49.5](https://github.com/zitadel/zitadel/releases/tag/v2.49.5)
- 2.48.x versions are fixed on >= [2.48.5](https://github.com/zitadel/zitadel/releases/tag/v2.48.5)
- 2.47.x versions are fixed on >= [2.47.10](https://github.com/zitadel/zitadel/releases/tag/v2.47.10)
- 2.46.x versions are fixed on >= [2.46.7](https://github.com/zitadel/zitadel/releases/tag/v2.46.7)
- 2.45.x versions are fixed on >= [2.45.7](https://github.com/zitadel/zitadel/releases/tag/v2.45.7)
### Workarounds
There is no workaround since a patch is already available.
### Questions
If you have any questions or comments about this advisory, please email us at [[email protected]](mailto:[email protected])
Dataset
Data from GitHub Advisory Database. This information is provided for research and educational purposes.