CVE-2022-29773

Name of the Vulnerable Software and Affected Versions AlekSIS-Core versions 2.8.1 and below

Description An access control issue in aleksis/core/util/auth helpers.py, specifically in the ClientProtectedResourceMixin, allows attackers to access arbitrary scopes if no allowed scopes are specifically set.

Recommendations For AlekSIS-Core versions 2.8.1 and below, consider setting allowed scopes specifically to prevent attackers from accessing arbitrary scopes until a patch is available. As a temporary workaround, review and restrict access to sensitive resources to minimize the risk of exploitation.