14 matches found

OSV
added 2026/04/16 11:36 p.m., 4 views

BIT-AUTHENTIK-2025-64708 authentik invitation expiry is delayed by at least 5 minutes

authentik is an open-source Identity Provider. Prior to versions 2025.8.5 and 2025.10.2, invitations were considered valid regardless of whether they had expired, relying on background tasks to clean up expired ones. In a normal scenario this can take up to 5...

CVSS 5.8, AI score 7.2, EPSS 0.00216
Exploits 0, References 3
SUSE CVE
added 2026/01/06 12:25 a.m., 5 views

SUSE CVE-2025-64521

authentik is an open-source Identity Provider. Prior to versions 2025.8.5 and 2025.10.2, when authenticating to an OAuth provider with client_id and client_secret, authentik creates a service account for the provider. In those versions, authentication for this account was possible even...

CVSS 4.8, AI score 7, EPSS 0.00193
Exploits 0, References 2
RedhatCVE
added 2025/11/20 9:37 p.m., 8 views

CVE-2025-64521

authentik is an open-source Identity Provider. Prior to versions 2025.8.5 and 2025.10.2, when authenticating to an OAuth provider with client_id and client_secret, authentik creates a service account for the provider. In those versions, authentication for this account was possible even...

CVSS 4.8, AI score 6.9, EPSS 0.00193
Exploits 0, References 1
Github Security Blog
added 2025/11/19 6:47 p.m., 5 views

authentik's invitation expiry is delayed by at least 5 minutes

Summary: In previous authentik versions, invitations were considered valid regardless of whether they had expired, relying on background tasks to clean up expired ones. In a normal scenario this can take up to 5 minutes because the cleanup of expired objects is scheduled to run every 5 minutes...

CVSS 5.8, AI score 6.9, EPSS 0.00216
Exploits 0, References 4, Affected software 1
OSV
added 2025/11/19 6:13 p.m., 6 views

GHSA-XR73-JQ5P-CH8R authentik allows a deactivated Service account to authenticate to OAuth

Summary: When authenticating to an OAuth provider with client_id and client_secret, authentik creates a service account for the provider. In previous authentik versions, authentication for this account was possible even when the account was deactivated. Other permissions are correctly applied and...

CVSS 4.8, AI score 7, EPSS 0.00193
Exploits 0, References 4
NVD
added 2025/11/19 5:15 p.m., 3 views

CVE-2025-64521

authentik is an open-source Identity Provider. Prior to versions 2025.8.5 and 2025.10.2, when authenticating to an OAuth provider with client_id and client_secret, authentik creates a service account for the provider. In those versions, authentication for this account was possible even...

CVSS 4.8, EPSS 0.00193
Exploits 0, References 2
Cvelist
added 2025/11/19 5:03 p.m., 9 views

CVE-2025-64708 authentik invitation expiry is delayed by at least 5 minutes

authentik is an open-source Identity Provider. Prior to versions 2025.8.5 and 2025.10.2, invitations were considered valid regardless of whether they had expired, relying on background tasks to clean up expired ones. In a normal scenario this can take up to 5...

CVSS 5.8, EPSS 0.00216
Exploits 0, References 2
OSV
added 2025/11/19 5:03 p.m., 4 views

CVE-2025-64708 authentik invitation expiry is delayed by at least 5 minutes

authentik is an open-source Identity Provider. Prior to versions 2025.8.5 and 2025.10.2, invitations were considered valid regardless of whether they had expired, relying on background tasks to clean up expired ones. In a normal scenario this can take up to 5...

CVSS 5.8, AI score 6.7, EPSS 0.00216
Exploits 0, References 4
CVE
added 2025/11/19 5:03 p.m., 17 views

CVE-2025-64708

CVE-2025-64708 affects authentik, an open-source Identity Provider. Prior to versions 2025.8.5 and 2025.10.2, invitations remained valid despite expiration, relying on a background cleanup task that runs every 5 minutes. In normal operation this cleanup can take up to 5 minutes, but with a large b...

CVSS 5.8, AI score 6.3, EPSS 0.00216
Exploits 0, References 2, Affected software 1
Vulnrichment
added 2025/11/19 5:03 p.m., 2 views

CVE-2025-64708 authentik invitation expiry is delayed by at least 5 minutes

authentik is an open-source Identity Provider. Prior to versions 2025.8.5 and 2025.10.2, invitations were considered valid regardless of whether they had expired, relying on background tasks to clean up expired ones. In a normal scenario this can take up to 5...

CVSS 5.8, AI score 6.4, EPSS 0.00216
Exploits 0, References 2
CVE
added 2025/11/19 5:03 p.m., 11 views

CVE-2025-64521

CVE-2025-64521 affects authentik, an open-source Identity Provider. Prior to versions 2025.8.5 and 2025.10.2, authenticating to an OAuth provider with client_id/client_secret could create a service account for the provider, and that account could be used even if deactivated. The issue was fixed i...

CVSS 4.8, AI score 6.5, EPSS 0.00193
Exploits 0, References 2, Affected software 1
Vulnrichment
added 2025/11/19 5:03 p.m., 3 views

CVE-2025-64521 authentik deactivated service accounts can authenticate to OAuth

authentik is an open-source Identity Provider. Prior to versions 2025.8.5 and 2025.10.2, when authenticating to an OAuth provider with client_id and client_secret, authentik creates a service account for the provider. In those versions, authentication for this account was possible even...

CVSS 4.8, AI score 6.5, EPSS 0.00193
Exploits 0, References 2
CNNVD
added 2025/11/19 12:00 a.m., 4 views

authentik security vulnerability

authentik is an open-source identity provisioning application from authentik Open Source. A security vulnerability exists in authentik versions prior to 2025.8.5 and prior to 2025.10.2, stemming from a service account that can still authenticate after being deactivated, potentially leading to...

CVSS 4.8, AI score 6.3, EPSS 0.00193
Exploits 0, References 3
CNNVD
added 2025/11/19 12:00 a.m., 4 views

authentik code issue vulnerability

authentik is an open-source identity provisioning application from authentik Open Source. A code issue vulnerability exists in authentik versions prior to 2025.8.5 and prior to 2025.10.2, stemming from invitations being treated as valid even after they have expired, which could lead to...

CVSS 5.8, AI score 6.6, EPSS 0.00216
Exploits 0, References 3