CVE-2023-49706
LinOTP Self Service in LinOTP 3.x prior to 3.2.5 is affected by a race-condition in defective request context handling that can be exploited by remote, unauthenticated attackers to escalate privileges and act with another user’s permissions. Attack requires generating repeated API requests to tri...