Authentik · Authentik · CVE-2024-42490
**Name of the Vulnerable Software and Affected Versions**
authentik versions prior to 2024.4.4
authentik versions 2024.6.0-rc1 through 2024.6.3
authentik versions prior to 2024.8.0
**Description**
authentik is an open-source Identity Provider. In the affected versions, several API endpoints can be reached by users who are not correctly authenticated or authorized. The main affected endpoints are "/api/v3/crypto/certificatekeypairs/<uuid>/view_certificate/", "/api/v3/crypto/certificatekeypairs/<uuid>/view_private_key/", and "/api/v3/.../used_by/". Each of these requires the ID of the target object, which unprivileged users cannot easily obtain (especially for certificates), and most object IDs are UUIDv4 values, so they are not practically guessable or enumerable. That limits opportunistic exploitation but is not an access control: a caller who already knows a certificate-key pair's UUID can request its private key from an unpatched instance.
**Recommendations**
For versions prior to 2024.4.4, update to version 2024.4.4 or later.
For versions 2024.6.0-rc1 through 2024.6.3, update to version 2024.6.4 or later.
For versions prior to 2024.8.0, update to version 2024.8.0 or later.
As a temporary workaround until the upgrade is in place, block access to the affected API endpoints at the reverse proxy or load balancer in front of authentik. Note that this also blocks legitimate administrator use of those endpoints, so treat it as a stopgap rather than a fix.
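The following is an added example, not code from authentik or from this advisory. It puts the two checks an operator wants in one place: whether a running version falls inside the affected ranges listed above, and whether the endpoints named in the description now refuse anonymous requests (which is also how to confirm a proxy-level block is working). Assumptions are labelled in the code: the deployment URL and UUID are placeholders, the advisory abbreviates the "used_by" collection path as "...", so that path is a caller-supplied parameter, and the third range ("prior to 2024.8.0") is read as the 2024.8.0 pre-releases, since 2024.6.4 is listed as fixed.

```python
"""Added example (not authentik's own code): version-range check and an
anonymous probe of the endpoints named in the advisory.

Assumptions: `base_url` is an authentik deployment you are allowed to
test; the UUID and collection path are supplied by the caller.
"""
import re
import sys
import urllib.error
import urllib.request
from typing import Callable, Dict, Iterable, Tuple

# authentik versions look like 2024.6.3 or 2024.6.0-rc1
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-rc(\d+))?$")


def parse_version(text: str) -> Tuple[int, int, int, int, int]:
    """Turn '2024.6.0-rc1' into a sortable tuple. The fourth element is 1
    for a final release and 0 for a release candidate, so rc1 < final."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised authentik version: {text!r}")
    year, minor, patch, rc = m.groups()
    final = 1 if rc is None else 0
    return (int(year), int(minor), int(patch), final, int(rc or 0))


def is_affected(version: str) -> bool:
    """True if `version` lies in one of the ranges listed in the advisory."""
    v = parse_version(version)
    if v < parse_version("2024.4.4"):
        return True
    if parse_version("2024.6.0-rc1") <= v < parse_version("2024.6.4"):
        return True
    # "prior to 2024.8.0": read here as the 2024.8.0 pre-releases, because
    # 2024.6.4 is listed as fixed (assumption, see lead-in).
    if parse_version("2024.8.0-rc1") <= v < parse_version("2024.8.0"):
        return True
    return False


def certificate_paths(keypair_uuid: str) -> Dict[str, str]:
    """The two certificate-key pair endpoints named in the advisory."""
    base = f"/api/v3/crypto/certificatekeypairs/{keypair_uuid}/"
    return {
        "view_certificate": base + "view_certificate/",
        "view_private_key": base + "view_private_key/",
    }


def used_by_path(collection: str, object_id: str) -> str:
    """The advisory abbreviates the collection as '/api/v3/.../used_by/';
    the caller supplies it, e.g. 'crypto/certificatekeypairs'."""
    return f"/api/v3/{collection.strip('/')}/{object_id}/used_by/"


def _http_status(url: str) -> int:
    """Anonymous GET (no session cookie, no token); returns the status
    code even for 4xx/5xx responses."""
    req = urllib.request.Request(url, headers={"Accept": "application/json"})
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return resp.status
    except urllib.error.HTTPError as err:
        return err.code


def probe(base_url: str, paths: Iterable[str],
          fetch: Callable[[str], int] = _http_status) -> Dict[str, str]:
    """Classify each path from an unauthenticated client: 'exposed' when
    the request succeeds (2xx), 'protected' on 401/403, and
    'unexpected:<code>' for anything else (worth a look, but not proof)."""
    results: Dict[str, str] = {}
    for path in paths:
        code = fetch(base_url.rstrip("/") + path)
        if 200 <= code < 300:
            results[path] = "exposed"
        elif code in (401, 403):
            results[path] = "protected"
        else:
            results[path] = f"unexpected:{code}"
    return results


if __name__ == "__main__":
    # usage: python check.py https://sso.example.test 2024.6.3 <keypair-uuid>
    url, version, keypair = sys.argv[1:4]
    print("version affected:", is_affected(version))
    targets = list(certificate_paths(keypair).values())
    targets.append(used_by_path("crypto/certificatekeypairs", keypair))
    for path, verdict in probe(url, targets).items():
        print(f"{verdict:12} {path}")
```

Run it against an instance you own; a "protected" verdict for every path after the upgrade (or after the proxy rule is deployed) is the expected result. The `fetch` parameter exists so the classification logic can be exercised offline with recorded status codes.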