4 matches found
Improper Verification of Cryptographic Signature
Overview Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature in the discovery document retrieval process via uripukidpenc and uripukidpsig properties. An attacker can intercept and modify the TLS connection to substitute a forged discovery document...
BIT-AUTHENTIK-2024-42490 authentik has Insufficient Authorization for several API endpoints
authentik is an open-source Identity Provider. Several API endpoints can be accessed by users without correct authentication/authorization. The main API endpoints affected by this are /api/v3/crypto/certificatekeypairs//viewcertificate/, /api/v3/crypto/certificatekeypairs//viewprivatekey/, and...
Incorrect Authorization
Overview litellm is a Library to easily interface with LLM API providers Affected versions of this package are vulnerable to Incorrect Authorization via incomplete role-based checks in the checkproxyadminvieweraccess function. An attacker can modify user credentials by sending crafted requests to...
PT-2024-29987
Name of the Vulnerable Software and Affected Versions authentik versions prior to 2024.4.4 authentik versions 2024.6.0-rc1 through 2024.6.3 authentik versions prior to 2024.8.0 Description The issue concerns an open-source Identity Provider where several API endpoints can be accessed by users...