Authentik · Authentik · CVE-2024-47077
**Name of the Vulnerable Software and Affected Versions**
authentik 2024.8.x, versions prior to 2024.8.3
authentik 2024.6.x (and earlier release series), versions prior to 2024.6.5
**Description**
An access token issued to one proxy-provider application is accepted by every other proxy provider on the same authentik instance. An application that receives a user's access token can replay it to impersonate that user against any other proxy provider, and a user who holds a token legitimately issued for application A can present it to application B, which they are not permitted to access. Anyone running more than one proxy provider application with different trust domains or different access control is affected.
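The failure described above is the classic token audience confusion pattern: a resource server checks that a token is signed by the trusted issuer and unexpired, but never checks that the token was issued *to it*. The following added example (not authentik's own code, which lives in its Go outpost and Python server) models that pattern with a minimal stdlib-only JWT issuer and two proxy providers. It assumes HS256 with a single shared key purely to stay self-contained, and uses the `aud`/`azp` claims and the client IDs `app-a-client-id` / `app-b-client-id` as constructed placeholders; the point it demonstrates is the missing per-provider binding, not any particular algorithm or claim name used by authentik.

```python
import base64
import hashlib
import hmac
import json
import time
from typing import Optional

# Constructed example: one issuer signs access tokens for several proxy
# providers. Each provider is a distinct OAuth2 client, modelled here by its
# client_id. HS256 with a shared key is an assumption made only to keep the
# example runnable offline; the security-relevant check is the audience
# binding in authorize_fixed(), not the signature algorithm.
SIGNING_KEY = b"constructed-example-key-not-a-real-secret"
ISSUER = "https://authentik.example/application/o/"  # placeholder issuer URL


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def mint_access_token(sub: str, client_id: str, ttl: int = 300,
                      now: Optional[int] = None) -> str:
    """Issue an HS256 access token bound to exactly one provider (client_id)."""
    now = int(time.time()) if now is None else now
    header = {"alg": "HS256", "typ": "JWT"}
    claims = {"iss": ISSUER, "sub": sub, "aud": client_id, "azp": client_id,
              "iat": now, "exp": now + ttl}
    signing_input = (f"{_b64url(json.dumps(header).encode())}."
                     f"{_b64url(json.dumps(claims).encode())}")
    sig = hmac.new(SIGNING_KEY, signing_input.encode(), hashlib.sha256).digest()
    return f"{signing_input}.{_b64url(sig)}"


def _verify_signature_and_expiry(token: str,
                                 now: Optional[int] = None) -> Optional[dict]:
    """Checks shared by both authorizers: signature, algorithm, issuer, expiry."""
    try:
        h, c, s = token.split(".")
        expected = hmac.new(SIGNING_KEY, f"{h}.{c}".encode(),
                            hashlib.sha256).digest()
        if not hmac.compare_digest(expected, _b64url_decode(s)):
            return None
        header = json.loads(_b64url_decode(h))
        claims = json.loads(_b64url_decode(c))
    except ValueError:  # bad base64, bad JSON, wrong number of segments
        return None
    if header.get("alg") != "HS256":  # refuse alg=none and algorithm swaps
        return None
    now = int(time.time()) if now is None else now
    if claims.get("iss") != ISSUER or claims.get("exp", 0) <= now:
        return None
    return claims


def authorize_vulnerable(token: str, provider_client_id: str,
                         now: Optional[int] = None) -> Optional[str]:
    """The pattern behind the advisory: any valid token from the trusted
    issuer is accepted, no matter which provider it was issued to.
    provider_client_id is never consulted."""
    claims = _verify_signature_and_expiry(token, now)
    return claims["sub"] if claims else None


def authorize_fixed(token: str, provider_client_id: str,
                    now: Optional[int] = None) -> Optional[str]:
    """Hardened: the token must name this provider as its audience and
    authorized party, so a token for app A is useless against app B."""
    claims = _verify_signature_and_expiry(token, now)
    if claims is None:
        return None
    if (claims.get("aud") != provider_client_id
            or claims.get("azp") != provider_client_id):
        return None
    return claims["sub"]


def demonstrate() -> dict:
    """Token minted for app A, presented to the proxy in front of app B."""
    t0 = 1_700_000_000  # fixed clock so the result is deterministic
    token_for_a = mint_access_token("alice", "app-a-client-id", now=t0)
    return {
        "vulnerable_accepts_cross_app": authorize_vulnerable(
            token_for_a, "app-b-client-id", now=t0 + 60),
        "fixed_rejects_cross_app": authorize_fixed(
            token_for_a, "app-b-client-id", now=t0 + 60),
        "fixed_accepts_own_app": authorize_fixed(
            token_for_a, "app-a-client-id", now=t0 + 60),
    }


if __name__ == "__main__":
    print(json.dumps(demonstrate(), indent=2))
```

Running the block shows the vulnerable authorizer returning `alice` for the app B provider while the fixed one returns `None`; the only difference between the two is the audience comparison, which is the check a practitioner should look for when auditing any reverse proxy or resource server that trusts tokens from a shared issuer.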
**Recommendations**
For versions prior to 2024.8.3, upgrade to version 2024.8.3 or later to fix the issue.
For versions prior to 2024.6.5, upgrade to version 2024.6.5 or later to fix the issue.