Security Advisory

CVE-2024-52287

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2024-11-21 17:23:40

Last updated 2024-11-21 21:05:11

Assigner GitHub_M

State PUBLISHED

Description

authentik is an open-source identity provider. When using the client_credentials or device_code OAuth grants, it was possible for an attacker to get a token from authentik with scopes that havent been configured in authentik. authentik 2024.8.5 and 2024.10.3 fix this issue.

← Browse all CVEs View on cve.org ↗