{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-21T21:49:27.986","vulnerabilities":[{"cve":{"id":"CVE-2024-49757","sourceIdentifier":"security-advisories@github.com","published":"2024-10-25T15:15:18.957","lastModified":"2025-08-26T16:31:17.563","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"The open-source identity infrastructure software Zitadel allows administrators to disable the user self-registration. Due to a missing security check in versions prior to 2.64.0, 2.63.5, 2.62.7, 2.61.4, 2.60.4, 2.59.5, and 2.58.7, disabling the \"User Registration allowed\" option only hid the registration button on the login page. Users could bypass this restriction by directly accessing the registration URL (/ui/login/loginname) and register a user that way. Versions 2.64.0, 2.63.5, 2.62.7, 2.61.4, 2.60.4, 2.59.5, and 2.58.7 contain a patch. No known workarounds are available."},{"lang":"es","value":"El software de infraestructura de identidad de código abierto Zitadel permite a los administradores desactivar el autorregistro de usuarios. Debido a que en las versiones anteriores a 2.64.0, 2.63.5, 2.62.7, 2.61.4, 2.60.4, 2.59.5 y 2.58.7 no se realizaba un control de seguridad, la desactivación de la opción \"Se permite el registro de usuarios\" solo ocultaba el botón de registro en la página de inicio de sesión. Los usuarios podían eludir esta restricción accediendo directamente a la URL de registro (/ui/login/loginname) y registrar un usuario de esa manera. Las versiones 2.64.0, 2.63.5, 2.62.7, 2.61.4, 2.60.4, 2.59.5 y 2.58.7 contienen un parche. No se conocen workarounds disponibles."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N","baseScore":4.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":1.2,"impactScore":3.6}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-287"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:zitadel:zitadel:*:*:*:*:*:*:*:*","versionEndExcluding":"2.58.7","matchCriteriaId":"9901A715-7590-4CDB-9862-A37A7818015D"},{"vulnerable":true,"criteria":"cpe:2.3:a:zitadel:zitadel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.59.0","versionEndExcluding":"2.59.5","matchCriteriaId":"F3D36B9D-2968-4999-99BA-FB1DB65603E8"},{"vulnerable":true,"criteria":"cpe:2.3:a:zitadel:zitadel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.60.0","versionEndExcluding":"2.60.4","matchCriteriaId":"CA74E6EF-BB93-4B3D-8F5A-BA5D9E018EE7"},{"vulnerable":true,"criteria":"cpe:2.3:a:zitadel:zitadel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.61.0","versionEndExcluding":"2.61.4","matchCriteriaId":"893A9BBF-8ED6-4F19-B939-D48686E074A8"},{"vulnerable":true,"criteria":"cpe:2.3:a:zitadel:zitadel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.62.0","versionEndExcluding":"2.62.7","matchCriteriaId":"0D91CCEA-0ACD-4ADC-B23E-C5160E72BF33"},{"vulnerable":true,"criteria":"cpe:2.3:a:zitadel:zitadel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.63.0","versionEndExcluding":"2.63.5","matchCriteriaId":"B8FBA8F3-8AA1-4FAC-82FF-3F15943971BB"}]}]}],"references":[{"url":"https://github.com/zitadel/zitadel/releases/tag/v2.58.7","source":"security-advisories@github.com","tags":["Release Notes"]},{"url":"https://github.com/zitadel/zitadel/releases/tag/v2.59.5","source":"security-advisories@github.com","tags":["Release Notes"]},{"url":"https://github.com/zitadel/zitadel/releases/tag/v2.60.4","source":"security-advisories@github.com","tags":["Release Notes"]},{"url":"https://github.com/zitadel/zitadel/releases/tag/v2.61.4","source":"security-advisories@github.com","tags":["Release Notes"]},{"url":"https://github.com/zitadel/zitadel/releases/tag/v2.62.7","source":"security-advisories@github.com","tags":["Release Notes"]},{"url":"https://github.com/zitadel/zitadel/releases/tag/v2.63.5","source":"security-advisories@github.com","tags":["Release Notes"]},{"url":"https://github.com/zitadel/zitadel/releases/tag/v2.64.0","source":"security-advisories@github.com","tags":["Release Notes"]},{"url":"https://github.com/zitadel/zitadel/security/advisories/GHSA-3rmw-76m6-4gjc","source":"security-advisories@github.com","tags":["Patch","Vendor Advisory"]}]}}]}