Lucene search
K

380 matches found

Vulnrichment
Vulnrichment
added 2022/12/28 6:16 a.m.14 views

CVE-2022-46172 authentik allows existing authenticated users to create arbitrary accounts

authentik is an open-source Identity provider focused on flexibility and versatility. In versions prior to 2022.10.4, and 2022.11.4, any authenticated user can create an arbitrary number of accounts through the default flows. This would circumvent any policy in a situation where it is undesirable...

6.4CVSS6.5AI score0.00539EPSS
Exploits1References1
Cvelist
Cvelist
added 2022/12/28 6:16 a.m.39 views

CVE-2022-46172 authentik allows existing authenticated users to create arbitrary accounts

authentik is an open-source Identity provider focused on flexibility and versatility. In versions prior to 2022.10.4, and 2022.11.4, any authenticated user can create an arbitrary number of accounts through the default flows. This would circumvent any policy in a situation where it is undesirable...

6.4CVSS6.6AI score0.00539EPSS
Exploits1References1
OSV
OSV
added 2022/12/28 6:16 a.m.27 views

CVE-2022-46172 authentik allows existing authenticated users to create arbitrary accounts

authentik is an open-source Identity provider focused on flexibility and versatility. In versions prior to 2022.10.4, and 2022.11.4, any authenticated user can create an arbitrary number of accounts through the default flows. This would circumvent any policy in a situation where it is undesirable...

6.4CVSS6.4AI score0.00539EPSS
Exploits1References3
CVE
CVE
added 2022/12/28 6:16 a.m.62 views

CVE-2022-46172

Summary: CVE-2022-46172 affects authentik (open-source identity provider). In versions prior to 2022.10.4 and 2022.11.4, any authenticated user could create an arbitrary number of basic accounts through the default-user-settings-flow (/api/v3/flows/instances/default-user-settings-flow/execute/), ...

6.4CVSS6.5AI score0.00539EPSS
Exploits1References1Affected Software1
NVD
NVD
added 2022/12/28 1:15 a.m.32 views

CVE-2022-23555

authentik is an open-source Identity Provider focused on flexibility and versatility. Versions prior to 2022.11.4 and 2022.10.4 are vulnerable to Improper Authentication. Token reuse in invitation URLs leads to access control bypass via the use of a different enrollment flow than in the one...

9.4CVSS0.00884EPSS
Exploits1References1
Prion
Prion
added 2022/12/28 1:15 a.m.11 views

Authentication flaw

authentik is an open-source Identity Provider focused on flexibility and versatility. Versions prior to 2022.11.4 and 2022.10.4 are vulnerable to Improper Authentication. Token reuse in invitation URLs leads to access control bypass via the use of a different enrollment flow than in the one...

6.8CVSS8.7AI score0.00884EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2022/12/28 12:12 a.m.107 views

CVE-2022-23555

The CVE-2022-23555 issue affects authentik, an open-source Identity Provider. A vulnerability in token handling within Invitations allows token reuse across enrollment flows, bypassing access controls when multiple enrollment flows with invitations are used. Versions prior to 2022.11.4 and 2022.1...

9.4CVSS8.9AI score0.00884EPSS
Exploits1References1Affected Software1
Vulnrichment
Vulnrichment
added 2022/12/28 12:12 a.m.7 views

CVE-2022-23555 authentik vulnerable to Improper Authentication via invitation URL token reuse

authentik is an open-source Identity Provider focused on flexibility and versatility. Versions prior to 2022.11.4 and 2022.10.4 are vulnerable to Improper Authentication. Token reuse in invitation URLs leads to access control bypass via the use of a different enrollment flow than in the one...

9.4CVSS9.1AI score0.00884EPSS
Exploits1References1
Cvelist
Cvelist
added 2022/12/28 12:12 a.m.34 views

CVE-2022-23555 authentik vulnerable to Improper Authentication via invitation URL token reuse

authentik is an open-source Identity Provider focused on flexibility and versatility. Versions prior to 2022.11.4 and 2022.10.4 are vulnerable to Improper Authentication. Token reuse in invitation URLs leads to access control bypass via the use of a different enrollment flow than in the one...

9.4CVSS9.3AI score0.00884EPSS
Exploits1References1
OSV
OSV
added 2022/12/28 12:12 a.m.25 views

CVE-2022-23555 authentik vulnerable to Improper Authentication via invitation URL token reuse

authentik is an open-source Identity Provider focused on flexibility and versatility. Versions prior to 2022.11.4 and 2022.10.4 are vulnerable to Improper Authentication. Token reuse in invitation URLs leads to access control bypass via the use of a different enrollment flow than in the one...

9.4CVSS7.7AI score0.00884EPSS
Exploits1References3
CNNVD
CNNVD
added 2022/12/28 12:0 a.m.5 views

authentik 授权问题漏洞

authentik is an open source identity provisioning application from authentik Open Source. Authentik suffers from an authorization issue vulnerability that stems from vulnerability to incorrect authentication, where token reuse in the invitation URL leads to bypassing access control by using a...

9.4CVSS7.4AI score0.00884EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2022/12/28 12:0 a.m.5 views

PT-2022-27786

Name of the Vulnerable Software and Affected Versions authentik versions prior to 2022.10.4 authentik versions prior to 2022.11.4 Description The issue allows any authenticated user to create an arbitrary number of accounts through the default flows, which can circumvent policies where it is...

6.4CVSS6.7AI score0.00539EPSS
Exploits1References7
CNNVD
CNNVD
added 2022/12/28 12:0 a.m.4 views

authentik 安全漏洞

authentik is an open source identity provisioning application from authentik Open Source. A security vulnerability exists in authentik that stems from the fact that any authenticated user can create an arbitrary number of accounts through a default process...

6.4CVSS6.6AI score0.00539EPSS
Exploits1References2
NVD
NVD
added 2022/12/02 6:15 p.m.29 views

CVE-2022-46145

authentik is an open-source identity provider. Versions prior to 2022.11.2 and 2022.10.2 are vulnerable to unauthorized user creation and potential account takeover. With the default flows, unauthenticated users can create new accounts in authentik. If a flow exists that allows for email-verified...

9.8CVSS0.01177EPSS
Exploits0References3
Prion
Prion
added 2022/12/02 6:15 p.m.15 views

Design/Logic Flaw

authentik is an open-source identity provider. Versions prior to 2022.11.2 and 2022.10.2 are vulnerable to unauthorized user creation and potential account takeover. With the default flows, unauthenticated users can create new accounts in authentik. If a flow exists that allows for email-verified...

7.5CVSS9.4AI score0.01177EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2022/12/02 5:12 p.m.7 views

CVE-2022-46145 authentik vulnerable to unauthorized user creation and potential account takeover

authentik is an open-source identity provider. Versions prior to 2022.11.2 and 2022.10.2 are vulnerable to unauthorized user creation and potential account takeover. With the default flows, unauthenticated users can create new accounts in authentik. If a flow exists that allows for email-verified...

8.1CVSS9.5AI score0.01177EPSS
Exploits0References3
Cvelist
Cvelist
added 2022/12/02 5:12 p.m.32 views

CVE-2022-46145 authentik vulnerable to unauthorized user creation and potential account takeover

authentik is an open-source identity provider. Versions prior to 2022.11.2 and 2022.10.2 are vulnerable to unauthorized user creation and potential account takeover. With the default flows, unauthenticated users can create new accounts in authentik. If a flow exists that allows for email-verified...

8.1CVSS9.7AI score0.01177EPSS
Exploits0References3
OSV
OSV
added 2022/12/02 5:12 p.m.20 views

CVE-2022-46145 authentik vulnerable to unauthorized user creation and potential account takeover

authentik is an open-source identity provider. Versions prior to 2022.11.2 and 2022.10.2 are vulnerable to unauthorized user creation and potential account takeover. With the default flows, unauthenticated users can create new accounts in authentik. If a flow exists that allows for email-verified...

8.1CVSS9.2AI score0.01177EPSS
Exploits0References5
CVE
CVE
added 2022/12/02 5:12 p.m.98 views

CVE-2022-46145

CVE-2022-46145 affects authentik (open-source identity provider) versions prior to 2022.11.2 and 2022.10.2. The root issue is that default flows allow unauthenticated account creation, which can enable account takeover, especially if an email-verified password-recovery flow exists to overwrite an...

9.8CVSS9AI score0.01177EPSS
Exploits0References3Affected Software1
CNNVD
CNNVD
added 2022/12/02 12:0 a.m.4 views

authentik 访问控制错误漏洞

authentik is an open source identity provisioning application from authentik Open Source. An access control error vulnerability exists in authentik versions prior to 2022.11.2 and 2022.10.2, which stems from the fact that an unauthenticated user can create a new account in authentik using the...

9.8CVSS8.4AI score0.01177EPSS
Exploits0References5
Rows per page
Query Builder