5 matches found
EUVD-2013-3383
Malware in sbrugna...
EUVD-2024-0194
Malicious code in bioql PyPI...
GHSA-9G4J-V8W5-7X42 Authentik has insufficient check for account active status when authenticating with OAuth/SAML Sources
Summary Deactivated users that had either enrolled via OAuth/SAML or had their account connected to an OAuth/SAML account can still partially access authentik even if their account is deactivated. They end up in a half-authenticated state where they cannot access the API but crucially they can...
CVE-2024-47000
Zitadel is an open source identity management platform. ZITADEL's user account deactivation mechanism did not work correctly with service accounts. Deactivated service accounts retained the ability to request tokens, which could lead to unauthorized access to applications and resources. Versions...
CVE-2024-47000
Zitadel CVE-2024-47000 affects service accounts: deactivating a service account could still allow token requests, enabling potential unauthorized access. Affected releases include 2.54.10 through 2.62.1 (various 2.x lines); fixes are in 2.62.1, 2.61.1, 2.60.2, 2.59.3, 2.58.5, 2.57.5, 2.56.6, 2.55...