Lucene search
K

5 matches found

RedhatCVE
RedhatCVE
added 2025/05/23 5:37 a.m.8 views

CVE-2023-26481

authentik is an open-source Identity Provider. Due to an insufficient access check, a recovery flow link that is created by an admin or sent via email by an admin can be used to set the password for any arbitrary user. This attack is only possible if a recovery flow exists, which has both an...

9.1CVSS7AI score0.00275EPSS
Exploits0References1
NVD
NVD
added 2023/03/04 1:15 a.m.32 views

CVE-2023-26481

authentik is an open-source Identity Provider. Due to an insufficient access check, a recovery flow link that is created by an admin or sent via email by an admin can be used to set the password for any arbitrary user. This attack is only possible if a recovery flow exists, which has both an...

9.1CVSS9.4AI score0.00275EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2023/03/04 12:30 a.m.9 views

CVE-2023-26481 Insufficient user check in FlowTokens by Email stage

authentik is an open-source Identity Provider. Due to an insufficient access check, a recovery flow link that is created by an admin or sent via email by an admin can be used to set the password for any arbitrary user. This attack is only possible if a recovery flow exists, which has both an...

9.1CVSS9.3AI score0.00275EPSS
Exploits0References2
Drupal
Drupal
added 2017/08/02 12:0 a.m.16 views

Alinks - Moderately Critical -Access bypass - SA-CONTRIB-2017-058

This module enables you to automatically link keywords to specific URLs. This module has an insufficient access check on the delete route. Alinks uses the wrong permission for an access check. CVE identifiers issued ACVE identifier will be requested, and added upon issuance, in accordance with...

7.1AI score
Exploits0References12
Tenable Nessus
Tenable Nessus
added 2015/02/16 12:0 a.m.26 views

Fedora 21 : moodle-2.7.5-1.fc21 (2015-1751)

"The following security notifications have now been made public : ====================================================================== ======== MSA-15-0001: Insufficient access check in LTI module Description: Absence of capability check in AJAX backend script could allow any enrolled user to...

6.8CVSS5.2AI score0.0224EPSS
Exploits0References19
Rows per page
Query Builder