CVE-2024-52287

Nov. 21, 2024, 6:15 p.m.

Product(s) Impacted

authentik

  • 2024.8.5
  • 2024.10.3

Description

authentik is an open-source identity provider. When the client_credentials or device_code OAuth grant was used, an attacker could obtain a token from authentik carrying scopes that had not been configured in authentik. authentik 2024.8.5 and 2024.10.3 fix this issue.

Weaknesses

CWE-285
Improper Authorization

The product does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.

CWE ID: 285

Date

Published: Nov. 21, 2024, 6:15 p.m.

Last Modified: Nov. 21, 2024, 6:15 p.m.

Status: Received

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

security-advisories@github.com

References

https://github.com/ security-advisories@github.com