OSV (Google): GO-2024-3085
Aug 30, 2024 - 5:18 p.m.

GoAuthentik vulnerable to Insufficient Authorization for several API endpoints in goauthentik.io

2024-08-30 17:18:07
Google
osv.dev

CVSS3: 7.5

Attack Vector: NETWORK
Attack Complexity: HIGH
Privileges Required: NONE
User Interaction: NONE
Scope: CHANGED
Confidentiality Impact: HIGH
Integrity Impact: LOW
Availability Impact: NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:L/A:N

AI Score: 7
Confidence: Low

GoAuthentik vulnerable to Insufficient Authorization for several API endpoints in goauthentik.io.

NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions.

(If this is causing false-positive reports from vulnerability scanners, please suggest an edit to the report.)

The additional affected modules and versions are: goauthentik.io before v2024.4.4, from v2024.6.0-rc1 before v2024.6.4.
