PT-2024-35153 · Authentik
Matt1097 · Published 2024-11-21 · Updated 2026-04-16 · CVE-2024-52287
CVSS v3.1: 7.2 (High)
Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
authentik versions prior to 2024.8.5
authentik versions prior to 2024.10.3
Description
An attacker using the client credentials or device code OAuth grant can obtain a token carrying scopes that have not been configured in authentik.
Recommendations
For versions prior to 2024.8.5, update to version 2024.8.5 or later.
For versions prior to 2024.10.3, update to version 2024.10.3 or later.
Weakness Enumeration
Improper Authorization
Affected Products
Authentik