2024-11-21 17:23:40
GitHub_M
PUBLISHED
authentik is an open-source identity provider. When using the client_credentials or device_code OAuth grants, it was possible for an attacker to get a token from authentik with scopes that havent been configured in authentik. authentik 2024.8.5 and 2024.10.3 fix this issue.