Lucene search
K

4 matches found

RedhatCVE
RedhatCVE
added 2025/05/23 5:37 a.m.9 views

CVE-2023-26481

authentik is an open-source Identity Provider. Due to an insufficient access check, a recovery flow link that is created by an admin or sent via email by an admin can be used to set the password for any arbitrary user. This attack is only possible if a recovery flow exists, which has both an...

9.1CVSS7AI score0.00275EPSS
Exploits0References1
CVE
CVE
added 2023/03/04 12:30 a.m.63 views

CVE-2023-26481

CVE-2023-26481 affects authentik (open-source Identity Provider). Root cause: insufficient access check in the recovery flow allows an admin-created or emailed recovery link to set passwords for arbitrary users when a recovery flow exists with both Identification and Email stages. If the flow inc...

9.1CVSS7.2AI score0.00275EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2023/03/04 12:30 a.m.10 views

CVE-2023-26481 Insufficient user check in FlowTokens by Email stage

authentik is an open-source Identity Provider. Due to an insufficient access check, a recovery flow link that is created by an admin or sent via email by an admin can be used to set the password for any arbitrary user. This attack is only possible if a recovery flow exists, which has both an...

9.1CVSS9.3AI score0.00275EPSS
Exploits0References2
Cvelist
Cvelist
added 2023/03/04 12:30 a.m.33 views

CVE-2023-26481 Insufficient user check in FlowTokens by Email stage

authentik is an open-source Identity Provider. Due to an insufficient access check, a recovery flow link that is created by an admin or sent via email by an admin can be used to set the password for any arbitrary user. This attack is only possible if a recovery flow exists, which has both an...

9.1CVSS9.5AI score0.00275EPSS
Exploits0References2
Rows per page
Query Builder