Affected by GO-2024-2637
and 27 other vulnerabilities
GO-2024-2637: Account Takeover via Session Fixation in Zitadel [Bypassing MFA] in github.com/zitadel/zitadel
GO-2024-2664: ZITADEL's actions can overload reserved claims in github.com/zitadel/zitadel
GO-2024-2665: ZITADEL's Improper Content-Type Validation Leads to Account Takeover via Stored XSS + CSP Bypass in github.com/zitadel/zitadel
GO-2024-2788: ZITADEL's Improper Lockout Mechanism Leads to MFA Bypass in github.com/zitadel/zitadel
GO-2024-2804: Zitadel exposing internal database user name and host information in github.com/zitadel/zitadel
GO-2024-2968: ZITADEL Vulnerable to Session Information Leakage in github.com/zitadel/zitadel
GO-2024-3014: ZITADEL "ignoring unknown usernames" vulnerability in github.com/zitadel/zitadel
GO-2024-3015: ZITADEL has improper HTML sanitization in emails and Console UI in github.com/zitadel/zitadel
GO-2024-3137: ZITADEL's User Grant Deactivation not Working in github.com/zitadel/zitadel
GO-2024-3138: ZITADEL Allows Unauthorized Access After Organization or Project Deactivation in github.com/zitadel/zitadel
GO-2024-3139: ZITADEL's Service Users Deactivation not Working in github.com/zitadel/zitadel
GO-2024-3216: Denied Host Validation Bypass in Zitadel Actions in github.com/zitadel/zitadel
GO-2024-3217: User Registration Bypass in Zitadel in github.com/zitadel/zitadel
GO-2025-3499: IDOR Vulnerabilities in ZITADEL's Admin API that Primarily Impact LDAP Configurations in github.com/zitadel/zitadel
GO-2025-3671: ZITADEL Allows IdP Intent Token Reuse in github.com/zitadel/zitadel
GO-2025-4083: Zitadel May Bypass Second Authentication Factor in github.com/zitadel/zitadel
GO-2025-4084: ZITADEL Vulnerable to Account Takeover via Malicious Forwarded Header Injection in github.com/zitadel/zitadel
GO-2025-4085: Zitadel allows brute-forcing authentication factors in github.com/zitadel/zitadel
GO-2025-4210: ZITADEL Vulnerable to Unauthenticated Full-Read SSRF via V2 Login in github.com/zitadel/zitadel
GO-2025-4212: ZITADEL Vulnerable to Account Takeover Due to Improper Instance Validation in V2 Login in github.com/zitadel/zitadel
GO-2025-4213: ZITADEL Vulnerable to Account Takeover via DOM-Based XSS in Zitadel V2 Login in github.com/zitadel/zitadel
GO-2026-4319: Zitadel has a user enumeration vulnerability in Login UIs in github.com/zitadel/zitadel
GO-2026-4573: ZITADEL's truncated opaque tokens are still valid in github.com/zitadel/zitadel
GO-2026-4604: ZITADEL: Login V2 UI Policy Bypass Allows Unauthorized Self-Registration and Authentication in github.com/zitadel/zitadel
GO-2026-4605: ZITADEL: Stored XSS via Default URI Redirect Leads to Account Takeover in github.com/zitadel/zitadel
GO-2026-4607: ZITADEL has 1-Click Account Takeover via XSS in /saml-post Endpoint in github.com/zitadel/zitadel
package
Version: v1.87.5
Published: Dec 20, 2022
License: Apache-2.0
Imports: 8
Imported by: 0