authentik is an open-source Identity Provider that emphasizes flexibility and versatility. Authentik API-Access-Token mechanism can be exploited to gain admin user privileges. A successful exploit of the issue will result in a user gaining full admin access to the Authentik application, including resetting user passwords and more. This issue has been patched in version(s) 2024.2.4, 2024.4.2 and 2024.6.0.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2024-06-28T17:09:24.090Z

Updated: 2024-08-02T04:04:23.359Z

Reserved: 2024-06-10T19:54:41.362Z

Link: CVE-2024-37905

cve-icon Vulnrichment

Updated: 2024-08-02T04:04:23.359Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2024-06-28T18:15:04.400

Modified: 2024-11-21T09:24:30.567

Link: CVE-2024-37905

cve-icon Redhat

No data.