Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Insufficient access control for OAuth2 Device Code flow in authentik
Vulnerability Description
authentik is an open-source Identity Provider. Access restrictions assigned to an application were not checked when using the OAuth2 Device code flow. This could potentially allow users without the correct authorization to get OAuth tokens for an application and access it. This issue has been patched in version(s) 2024.6.0, 2024.2.4 and 2024.4.3.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L
Vulnerability Type
访问控制不恰当
Vulnerability Title
authentik 安全漏洞
Vulnerability Description
authentik是authentik开源的一个开源身份提供应用程序。 authentik存在安全漏洞,该漏洞源于使用 OAuth2 设备代码流时未检查分配给应用程序的访问限制。
CVSS Information
N/A
Vulnerability Type
N/A