Lucene search
K

5 matches found

Vulnrichment
Vulnrichment
added 2026/06/11 8:3 p.m.8 views

CVE-2026-41005 UAA accepts SAML Encrypted Assertions authentication bypass

Cloud Foundry UAA incorrectly treated XML encryption to the Service Provider confidentiality as a substitute for XML signatures from the Identity Provider authenticity in two SAML flows: the OAuth 2.0 SAML2 bearer grant token endpoint and browser SSO ACS when wantAssertionSigned is set to false...

9CVSS5.3AI score0.00131EPSS
Exploits0References1
Veracode
Veracode
added 2025/07/28 2:55 a.m.5 views

Improper Authentication

goauthentik.io is vulnerable to improper authentication. The vulnerability is due to deactivated users who registered or linked accounts via OAuth/SAML retaining partial access, which allows an attacker to authorize applications if they know the application URL, despite their account being...

7.4CVSS5.8AI score0.00489EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2025/07/23 8:35 p.m.18 views

CVE-2025-53942 authentik has an insufficient check for account active status during OAuth/SAML authentication

authentik is an open-source Identity Provider that emphasizes flexibility and versatility, with support for a wide set of protocols. In versions 2025.4.4 and earlier, as well as versions 2025.6.0-rc1 through 2025.6.3, deactivated users who registered through OAuth/SAML or linked their accounts to...

7.1CVSS6.4AI score0.00489EPSS
Exploits0References6
CVE
CVE
added 2025/07/23 8:35 p.m.39 views

CVE-2025-53942

Summary of CVE-2025-53942 (authentik): Affected: authentik identity provider. Issue: deactivated users who registered via OAuth/SAML (or linked accounts) could remain partially active, enabling authorization of applications despite deactivation. Root cause: insufficient check for account active s...

7.4CVSS6.1AI score0.00489EPSS
Exploits0References4Affected Software1
Positive Technologies
Positive Technologies
added 2025/07/22 12:0 a.m.18 views

PT-2025-30439

Name of the Vulnerable Software and Affected Versions authentik versions prior to 2025.4.4 authentik versions 2025.6.0-rc1 through 2025.6.3 Description Deactivated users who registered through OAuth/SAML or linked their accounts to OAuth/SAML providers can retain partial access to the system...

9.8CVSS5.8AI score0.02095EPSS
Exploits8References50
Rows per page
Query Builder