2 matches found
CVE-2024-47077 authentik cross-provider token validation problems
authentik is an open-source identity provider. Prior to versions 2024.8.3 and 2024.6.5, access tokens issued to one application can be stolen by that application and used to impersonate the user against any other proxy provider. Also, a user can steal an access token they were legitimately issued...
CVE-2024-47077
CVE-2024-47077 affects authentik (open-source identity provider). The issue: access tokens issued to one application can be stolen by that application and used to impersonate users against other proxy providers, and tokens legitimately issued for one app can be used to access another app the user...