CVE-2022-46145
CVE-2022-46145 affects authentik (open-source identity provider) versions prior to 2022.11.2 and 2022.10.2. The root issue is that default flows allow unauthenticated account creation, which can enable account takeover, especially if an email-verified password-recovery flow exists to overwrite an...