4 matches found
CVE-2024-52287
authentik is an open-source identity provider. When using the clientcredentials or devicecode OAuth grants, it was possible for an attacker to get a token from authentik with scopes that haven't been configured in authentik. authentik 2024.8.5 and 2024.10.3 fix this issue...
What is Nudge Security and How Does it Work?
Regain control of SaaS sprawl with Day One discovery of all SaaS and GenAI accounts along with workflows to help you mitigate security risks, curb rogue app usage, and manage SaaS spend. In today's highly distributed workplace, every employee has the ability to act as their own CIO, adopting new...
CVE-2024-52287
authentik is an open-source identity provider. When using the clientcredentials or devicecode OAuth grants, it was possible for an attacker to get a token from authentik with scopes that haven't been configured in authentik. authentik 2024.8.5 and 2024.10.3 fix this issue...
Improper Authorization
Overview authentik-client is an authentik Affected versions of this package are vulnerable to Improper Authorization due to insufficient validation of the OAuth grants clientcredentials or devicecode. An attacker can obtain a token with unauthorized scopes. Remediation Upgrade authentik-client to...