
4 matches found

RedhatCVE
added 2025/05/23 6:41 a.m., 10 views

CVE-2024-52287

authentik is an open-source identity provider. When using the client_credentials or device_code OAuth grants, it was possible for an attacker to get a token from authentik with scopes that haven't been configured in authentik. authentik 2024.8.5 and 2024.10.3 fix this issue...

CVSS 7.2, AI score 6.9, EPSS 0.00561
Exploits: 0, References: 1

The Hacker News
added 2024/12/11 11:2 a.m., 37 views

What is Nudge Security and How Does it Work?

Regain control of SaaS sprawl with Day One discovery of all SaaS and GenAI accounts along with workflows to help you mitigate security risks, curb rogue app usage, and manage SaaS spend. In today's highly distributed workplace, every employee has the ability to act as their own CIO, adopting new...

AI score 7
Exploits: 0

NVD
added 2024/11/21 6:15 p.m., 19 views

CVE-2024-52287

authentik is an open-source identity provider. When using the client_credentials or device_code OAuth grants, it was possible for an attacker to get a token from authentik with scopes that haven't been configured in authentik. authentik 2024.8.5 and 2024.10.3 fix this issue...

CVSS 7.2, EPSS 0.00561
Exploits: 0, References: 2

Snyk
added 2024/11/21 5:43 p.m., 3 views

Improper Authorization

Overview: authentik-client is an authentik Affected versions of this package are vulnerable to Improper Authorization due to insufficient validation of the OAuth grants client_credentials or device_code. An attacker can obtain a token with unauthorized scopes. Remediation: Upgrade authentik-client to...

CVSS 8.7, AI score 6.9, EPSS 0.00561
Exploits: 0, References: 2