Affected by GO-2024-2637 and 12 other vulnerabilities

GO-2024-2637: Account Takeover via Session Fixation in Zitadel [Bypassing MFA] in github.com/zitadel/zitadel

GO-2024-2664: ZITADEL's actions can overload reserved claims in github.com/zitadel/zitadel

GO-2024-2665: ZITADEL's Improper Content-Type Validation Leads to Account Takeover via Stored XSS + CSP Bypass in github.com/zitadel/zitadel

GO-2024-2788: ZITADEL's Improper Lockout Mechanism Leads to MFA Bypass in github.com/zitadel/zitadel

GO-2024-2804: Zitadel exposing internal database user name and host information in github.com/zitadel/zitadel

GO-2024-2968: ZITADEL Vulnerable to Session Information Leakage in github.com/zitadel/zitadel

GO-2024-3014: ZITADEL "ignoring unknown usernames" vulnerability in github.com/zitadel/zitadel

GO-2024-3015: ZITADEL has improper HTML sanitization in emails and Console UI in github.com/zitadel/zitadel

GO-2024-3137: ZITADEL's User Grant Deactivation not Working in github.com/zitadel/zitadel

GO-2024-3138: ZITADEL Allows Unauthorized Access After Organization or Project Deactivation in github.com/zitadel/zitadel

GO-2024-3139: ZITADEL's Service Users Deactivation not Working in github.com/zitadel/zitadel

GO-2024-3216: Denied Host Validation Bypass in Zitadel Actions in github.com/zitadel/zitadel

GO-2024-3217: User Registration Bypass in Zitadel in github.com/zitadel/zitadel

static

package

v1.80.0-v2.12 Latest Latest Go to latest Published: Apr 29, 2022 License: Apache-2.0 Imports: 4 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/zitadel/zitadel

Documentation ¶

Constants ¶

View Source

const (
	ObjectTypeUserAvatar = iota
	ObjectTypeStyling
)

Variables ¶

This section is empty.

Functions ¶

This section is empty.

Types ¶

type Asset ¶

type Asset struct {
	InstanceID    string
	ResourceOwner string
	Name          string
	Hash          string
	Size          int64
	LastModified  time.Time
	Location      string
	ContentType   string
}

type CreateStorage ¶

type CreateStorage func(client *sql.DB, rawConfig map[string]interface{}) (Storage, error)

type ObjectType ¶

type ObjectType int32

type Storage ¶

type Storage interface {
	PutObject(ctx context.Context, instanceID, location, resourceOwner, name, contentType string, objectType ObjectType, object io.Reader, objectSize int64) (*Asset, error)
	GetObject(ctx context.Context, instanceID, resourceOwner, name string) ([]byte, func() (*Asset, error), error)
	GetObjectInfo(ctx context.Context, instanceID, resourceOwner, name string) (*Asset, error)
	RemoveObject(ctx context.Context, instanceID, resourceOwner, name string) error
	RemoveObjects(ctx context.Context, instanceID, resourceOwner string, objectType ObjectType) error
}

Source Files ¶

View all Source files

Directories ¶

Path	Synopsis
config
database
mock Package mock is a generated GoMock package.	Package mock is a generated GoMock package.
s3

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL