Authentik · Authentik · CVE-2025-52553
Name of the Vulnerable Software and Affected Versions:
authentik versions prior to 2025.4.3
authentik versions prior to 2025.6.3
Description:
The issue arises from the way authentik handles tokens after authorizing access to a RAC endpoint. A token is created for a single connection and sent to the client in the URL, but affected versions lack the check that ties this token to the session of the user who authorized the connection. As a result, anyone who copies the URL (for example, while it is visible during a screenshare) could use the token to access the same session.
Recommendations:
For versions prior to 2025.4.3 and 2025.6.3, as a temporary workaround, consider decreasing the duration a token is valid for by setting Connection expiry to `minutes=5` in the RAC Provider settings.
Enable the option Delete authorization on disconnect to minimize the risk of exploitation.
Update to version 2025.4.3 or 2025.6.3 to resolve the issue.
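The following is an added illustration, not authentik's own code: a constructed in-memory model of single-connection tokens that shows the affected lookup (existence and expiry only) next to a session-bound lookup, plus the two mitigations above (a short expiry and dropping the token on disconnect). Names such as `RACTokenStore`, `redeem_unbound` and `redeem_bound` are hypothetical.

```python
import secrets
from dataclasses import dataclass


@dataclass
class ConnectionToken:
    session_key: str   # session of the user who authorized the connection
    expires_at: float  # absolute expiry, in seconds


class RACTokenStore:
    """Constructed model of single-connection RAC tokens (not authentik's code)."""

    def __init__(self, expiry_seconds: int = 300):
        # 300 s mirrors the "minutes=5" Connection expiry workaround.
        self.expiry_seconds = expiry_seconds
        self._tokens = {}  # token -> ConnectionToken

    def issue(self, session_key: str, now: float) -> str:
        # Generated once per connection and handed to the client in the URL.
        token = secrets.token_urlsafe(32)
        self._tokens[token] = ConnectionToken(session_key, now + self.expiry_seconds)
        return token

    def _live(self, token: str, now: float):
        entry = self._tokens.get(token)
        if entry is None or now >= entry.expires_at:
            return None
        return entry

    def redeem_unbound(self, token: str, now: float) -> bool:
        # Affected behaviour: only existence and expiry are checked, so any
        # holder of the URL can connect for as long as the token lives.
        return self._live(token, now) is not None

    def redeem_bound(self, token: str, session_key: str, now: float) -> bool:
        # Fixed behaviour: the token must also belong to the authorizing session.
        entry = self._live(token, now)
        return entry is not None and secrets.compare_digest(entry.session_key, session_key)

    def disconnect(self, token: str) -> None:
        # Mirrors "Delete authorization on disconnect": the token becomes unusable.
        self._tokens.pop(token, None)
```

Shortening the expiry and deleting on disconnect only narrow the window; the session binding in `redeem_bound` is what actually closes the issue.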