Lucene search
K
Database
Vendors
Products
Timeline
Vulnerabilities
Perimeter Scanner
Scanning
Projects
Scanner
Agent Scanning
API Scanning
Manual Audit
Email
Webhook
Resources
Documents
Blog
Glossary
FAQ
Plugins
Pricing
Contacts
About Us
Partners
Branding Guideline
Settings
Sign in
GoauthentikAuthentik

2 matches found

CVE
CVEadded 2024/01/30 5:15 p.m.188 views

CVE-2024-23647

Authentik is an open-source Identity Provider. There is a bug in our implementation of PKCE that allows an attacker to circumvent the protection that PKCE offers. PKCE adds the code_challenge parameter to the authorization request and adds the code_verifier parameter to the token request. Prior to ...

8.8CVSS8.8AI score0.00041EPSS
CVE
CVEadded 2024/01/11 6:15 a.m.32 views

CVE-2024-21637

Authentik is an open-source Identity Provider. Authentik is a vulnerable to a reflected Cross-Site Scripting vulnerability via JavaScript-URIs in OpenID Connect flows with response_mode=form_post. This relatively user could use the described attacks to perform a privilege escalation. This vulnerabi...

7.6CVSS5.3AI score0.00083EPSS