5 matches found
CVE-2023-26481
authentik is an open-source Identity Provider. Due to an insufficient access check, a recovery flow link that is created by an admin or sent via email by an admin can be used to set the password for any arbitrary user. This attack is only possible if a recovery flow exists, which has both an...
CVE-2023-26481
authentik is an open-source Identity Provider. Due to an insufficient access check, a recovery flow link that is created by an admin or sent via email by an admin can be used to set the password for any arbitrary user. This attack is only possible if a recovery flow exists, which has both an...
CVE-2023-26481 Insufficient user check in FlowTokens by Email stage
authentik is an open-source Identity Provider. Due to an insufficient access check, a recovery flow link that is created by an admin or sent via email by an admin can be used to set the password for any arbitrary user. This attack is only possible if a recovery flow exists, which has both an...
Alinks - Moderately Critical -Access bypass - SA-CONTRIB-2017-058
This module enables you to automatically link keywords to specific URLs. This module has an insufficient access check on the delete route. Alinks uses the wrong permission for an access check. CVE identifiers issued ACVE identifier will be requested, and added upon issuance, in accordance with...
Fedora 21 : moodle-2.7.5-1.fc21 (2015-1751)
"The following security notifications have now been made public : ====================================================================== ======== MSA-15-0001: Insufficient access check in LTI module Description: Absence of capability check in AJAX backend script could allow any enrolled user to...