CVE-2024-52287

CVSS V2 None CVSS V3 None
Description
authentik is an open-source identity provider. When using the client_credentials or device_code OAuth grants, it was possible for an attacker to get a token from authentik with scopes that haven't been configured in authentik. authentik 2024.8.5 and 2024.10.3 fix this issue.
Overview
  • CVE ID: CVE-2024-52287
  • Assigner: GitHub_M
  • Vulnerability Status: PUBLISHED
  • Published Version: 2024-11-21T17:23:40.640Z
  • Last Modified Date: 2024-11-21T21:05:11.287Z
History
Created | Old Value | New Value | Data Type | Notes
2024-11-22 13:22:22 | | | | Added to TrackCVE