Authentik · Authentik · CVE-2024-52287
**Name of the Vulnerable Software and Affected Versions**
authentik versions prior to 2024.8.5
authentik versions prior to 2024.10.3
**Description**
The issue allows an attacker to obtain a token with scopes that haven't been configured in authentik when using the client credentials or device code OAuth grants.
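As an added illustration (not authentik's code), the scope check a token endpoint needs on these two grants: a requested scope that is not configured for the provider is rejected with `invalid_scope`, and an audit helper flags over-granted scopes in tokens that were already issued. The `Provider` model, its `configured_scopes` field and the sample values are constructed here.

```python
"""Scope validation for the client_credentials and device_code grants.

Added example, not authentik's code. The Provider model, its
configured_scopes field and the sample values are constructed here.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Provider:
    client_id: str
    # Scopes an administrator has mapped to this provider; anything else
    # must never appear in an issued token.
    configured_scopes: frozenset


class InvalidScope(Exception):
    """Maps to the OAuth 2.0 'invalid_scope' token-endpoint error."""


def parse_scope(scope_param: str) -> list:
    """RFC 6749 s3.3: space-delimited, case-sensitive; order kept, duplicates dropped."""
    return list(dict.fromkeys(s for s in scope_param.split(" ") if s))


def grant_scopes_vulnerable(provider: Provider, scope_param: str) -> list:
    """Bug pattern: the requested scope string is copied into the token
    without being checked against the provider's configuration."""
    return parse_scope(scope_param)


def grant_scopes_fixed(provider: Provider, scope_param: str) -> list:
    """Hardened form: every requested scope must be configured for the
    provider. An empty request falls back to the configured set (an
    assumption here; RFC 6749 lets the server pick a default)."""
    requested = parse_scope(scope_param)
    if not requested:
        return sorted(provider.configured_scopes)
    unknown = [s for s in requested if s not in provider.configured_scopes]
    if unknown:
        raise InvalidScope("scope(s) not configured for %s: %s"
                           % (provider.client_id, " ".join(unknown)))
    return requested


def overgranted_scopes(provider: Provider, token_scopes: list) -> list:
    """Audit helper for already-issued tokens: scopes present in the token
    that the provider was never configured to grant."""
    return [s for s in token_scopes if s not in provider.configured_scopes]
```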
**Recommendations**
For versions prior to 2024.8.5, update to version 2024.8.5 or later.
For versions prior to 2024.10.3, update to version 2024.10.3 or later.