5 matches found
BIT-AUTHENTIK-2022-46172 authentik allows existing authenticated users to create arbitrary accounts
authentik is an open-source identity provider focused on flexibility and versatility. In versions prior to 2022.10.4 and 2022.11.4, any authenticated user can create an arbitrary number of accounts through the default flows. This would circumvent any policy in a situation where it is undesirable...
EUVD-2022-48997
Malicious code in bioql PyPI...
CVE-2022-46172
authentik is an open-source identity provider focused on flexibility and versatility. In versions prior to 2022.10.4 and 2022.11.4, any authenticated user can create an arbitrary number of accounts through the default flows. This would circumvent any policy in a situation where it is undesirable...
Unauthorised User Account Creation
authentik is vulnerable to unauthorized user creation and potential account takeover. With the default flows, unauthenticated users can create a new account. If a flow allows email password recovery, attackers can overwrite the email address of admin accounts and take over the account...
CVE-2022-46172 authentik allows existing authenticated users to create arbitrary accounts
authentik is an open-source identity provider focused on flexibility and versatility. In versions prior to 2022.10.4 and 2022.11.4, any authenticated user can create an arbitrary number of accounts through the default flows. This would circumvent any policy in a situation where it is undesirable...