authentik is an open-source Identity Provider that emphasizes flexibility and versatility. Authentik API-Access-Token mechanism can be exploited to gain admin user privileges. A successful exploit of the issue will result in a user gaining full admin access to the Authentik application, including resetting user passwords and more. This issue has been patched in version(s) 2024.2.4, 2024.4.2 and 2024.6.0.
References
Configurations
No configuration.
History
21 Nov 2024, 09:24
Type | Values Removed | Values Added |
---|---|---|
References | () https://github.com/goauthentik/authentik/releases/tag/version%2F2024.2.4 - | |
References | () https://github.com/goauthentik/authentik/releases/tag/version%2F2024.4.3 - | |
References | () https://github.com/goauthentik/authentik/releases/tag/version%2F2024.6.0 - | |
References | () https://github.com/goauthentik/authentik/security/advisories/GHSA-c78c-2r9w-p7x4 - |
01 Jul 2024, 12:37
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
28 Jun 2024, 18:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-06-28 18:15
Updated : 2024-11-21 09:24
NVD link : CVE-2024-37905
Mitre link : CVE-2024-37905
CVE.ORG link : CVE-2024-37905
JSON object : View
Products Affected
No product.