Lucene search

CVE-2024-38371 Insufficient access control for OAuth2 Device Code flow in authentik

🗓️ 28 Jun 2024 17:48:58Reported by GitHub_MType

Insufficient access control for OAuth2 Device Code flow in authentik, patched in versions 2024.6.0, 2024.2.4 and 2024.4.

AI Insights are available for you today

Leverage the power of AI to quickly understand vulnerabilities, impacts, and exploitability

Reporter	Title	Published	Views	Family All 4
NVD	CVE-2024-38371	28 Jun 202418:15	–	nvd
Veracode	Improper Access Control	1 Jul 202412:06	–	veracode
Vulnrichment	CVE-2024-38371 Insufficient access control for OAuth2 Device Code flow in authentik	28 Jun 202417:58	–	vulnrichment
CVE	CVE-2024-38371	28 Jun 202418:15	–	cve

[
  {
    "vendor": "goauthentik",
    "product": "authentik",
    "versions": [
      {
        "version": "< 2024.6.0",
        "status": "affected"
      },
      {
        "version": "< 2024.4.3",
        "status": "affected"
      },
      {
        "version": "< 2024.2.4",
        "status": "affected"
      }
    ]
  }
]

Source	Link
github	www.github.com/goauthentik/authentik/releases/tag/version%2F2024.4.3
github	www.github.com/goauthentik/authentik/releases/tag/version%2F2024.6.0
github	www.github.com/goauthentik/authentik/releases/tag/version%2F2024.2.4
github	www.github.com/goauthentik/authentik/security/advisories/GHSA-jq3m-37m7-gp45

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

28 Jun 2024 17:58Current

CVSS38.6

EPSS0.0024