How severe is CVE-2024-29891?

This vulnerability has a severity rating of HIGH with a CVSS score of 8.7 out of 10.

What type of vulnerability is CVE-2024-29891?

This is classified as CWE-434, which is a common weakness in software security.

CVE-2024-29891 - HIGH Severity | CVSS 8.7

Vulnerability Description

ZITADEL users can upload their own avatar image and various image types are allowed. Due to a missing check, an attacker could upload HTML and pretend it is an image to gain access to the victim's account in certain scenarios. A possible victim would need to directly open the supposed image in the browser, where a session in ZITADEL needs to be active for this exploit to work. The exploit could only be reproduced if the victim was using Firefox. Chrome, Safari as well as Edge did not execute the code. This vulnerability is fixed in 2.48.3, 2.47.8, 2.46.5, 2.45.5, 2.44.7, 2.43.11, and 2.42.17.

Related Vulnerabilities

CVE-2024-22060

HIGH

CVSS:8.7(High)

An unrestricted file upload vulnerability in web component of Ivanti Neurons for ITSM allows a remote, authenticated, high privileged user to write arbitrary files into sensitive directories of ITSM s...

CWE-4342024

CVE-2020-3436

HIGH

CVSS:8.6(High)

A vulnerability in the web services interface of Cisco Adaptive Security Appliance (ASA) and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to upload arb...

CWE-4342020

CVE-2021-21355

HIGH

CVSS:8.6(High)

TYPO3 is an open source PHP based web content management system. In TYPO3 before versions 8.7.40, 9.5.25, 10.4.14, 11.1.1, due to the lack of ensuring file extensions belong to configured allowed mime...

CWE-4342021

CVE-2025-45997

HIGH

CVSS:8.6(High)

Sourcecodester Web-based Pharmacy Product Management System v.1.0 has a file upload vulnerability. An attacker can upload a PHP file disguised as an image by modifying the Content-Type header to image...

CWE-4342025

CVE-2010-3663

HIGH

CVSS:8.8(High)

TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 contains an insecure default value of the variable fileDenyPattern which could allow remote attackers to execute arb...

CWE-4342010

CVE-2011-1597

HIGH

CVSS:8.8(High)

OpenVAS Manager v2.0.3 allows plugin remote code execution.

CWE-4342011