From b29561d49ebfabac911783c20c15eb75111e6d3e Mon Sep 17 00:00:00 2001 From: evilgensec Date: Sun, 27 Oct 2024 11:11:33 +0545 Subject: [PATCH] Created CVE-2024-49757 --- http/cves/2024/CVE-2024-49757 | 40 +++++++++++++++++++++++++++++++++++ 1 file changed, 40 insertions(+) create mode 100644 http/cves/2024/CVE-2024-49757 diff --git a/http/cves/2024/CVE-2024-49757 b/http/cves/2024/CVE-2024-49757 new file mode 100644 index 0000000000..211b514d34 --- /dev/null +++ b/http/cves/2024/CVE-2024-49757 @@ -0,0 +1,40 @@ +id: zitadel-cve-2024-49757-registration-check + +info: + name: Zitadel User Registration Check + author: Sujal Tuladhar + severity: high + description: | + Checks for the presence of the Zitadel registration endpoint (/ui/login/register) + in unpatched versions (< 2.63.4) where user registration can be bypassed if not configured correctly. + tags: zitadel,cve,cve-2024-49757,registration + +requests: + - method: GET + path: + - "{{BaseURL}}/auth/v1/healthz" # To confirm Zitadel technology + + matchers-condition: and + matchers: + - type: word + words: + - "zitadel" + part: body + - type: status + status: + - 200 + + - method: GET + path: + - "{{BaseURL}}/ui/login/register" # Check registration endpoint + + matchers-condition: and + matchers: + - type: word + words: + - "Registration is not allowed (Internal)" + part: body + negative: true # Marks as vulnerable only if this phrase is absent + - type: status + status: + - 200 # Vulnerable if 200 status and phrase is absent