Unknown · Aleksis-Core · CVE-2022-29773
**Name of the Vulnerable Software and Affected Versions**
AlekSIS-Core versions 2.8.1 and below
**Description**
An access control issue in aleksis/core/util/auth_helpers.py, specifically in the ClientProtectedResourceMixin, allows attackers to access arbitrary scopes if no allowed scopes are specifically set.
**Recommendations**
For AlekSIS-Core versions 2.8.1 and below, consider setting allowed scopes explicitly, so that attackers cannot access arbitrary scopes, until a patch is available. As a temporary workaround, review and restrict access to sensitive resources to minimize the risk of exploitation.
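The class of flaw described above, and the check the recommendation implies, as an added example. This is a simplified model, not AlekSIS-Core's code: `Client`, both check functions, `audit_unscoped` and the sample clients are hypothetical names and constructed data.

```python
from __future__ import annotations

from dataclasses import dataclass, field


@dataclass
class Client:
    """Hypothetical stand-in for a registered OAuth client."""
    name: str
    allowed_scopes: list[str] = field(default_factory=list)


def scopes_ok_fail_open(client: Client, required: set[str]) -> bool:
    """Flawed pattern: an empty allow-list is read as 'no restriction'."""
    if not client.allowed_scopes:
        return True  # nothing configured, so every scope passes
    return required.issubset(client.allowed_scopes)


def scopes_ok_fail_closed(client: Client, required: set[str]) -> bool:
    """Hardened pattern: an empty allow-list grants nothing."""
    allowed = set(client.allowed_scopes or [])
    if not allowed:
        return False  # nothing configured, so nothing is granted
    return required.issubset(allowed)


def audit_unscoped(clients: list[Client]) -> list[str]:
    """Names of clients with no allowed scopes set (the ones to fix)."""
    return [c.name for c in clients if not c.allowed_scopes]


# Constructed sample data, not taken from a real deployment.
SAMPLE_CLIENTS = [
    Client("legacy-app"),                       # no scopes configured
    Client("reports-app", ["read_reports"]),    # explicitly scoped
]

if __name__ == "__main__":
    for c in SAMPLE_CLIENTS:
        print(c.name,
              "fail-open:", scopes_ok_fail_open(c, {"admin"}),
              "fail-closed:", scopes_ok_fail_closed(c, {"admin"}))
    print("clients needing explicit scopes:", audit_unscoped(SAMPLE_CLIENTS))
```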