authentik is an open-source Identity Provider that emphasizes flexibility and versatility. Authentik API-Access-Token mechanism can be exploited to gain admin user privileges. A successful exploit of the issue will result in a user gaining full admin access to the Authentik application, including resetting user passwords and more. This issue has been patched in version(s) 2024.2.4, 2024.4.2 and 2024.6.0.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: GitHub_M
Published: 2024-06-28T17:09:24.090Z
Updated: 2024-08-02T04:04:23.359Z
Reserved: 2024-06-10T19:54:41.362Z
Link: CVE-2024-37905
Vulnrichment
Updated: 2024-08-02T04:04:23.359Z
NVD
Status : Awaiting Analysis
Published: 2024-06-28T18:15:04.400
Modified: 2024-11-21T09:24:30.567
Link: CVE-2024-37905
Redhat
No data.