CVE-2024-37905
Severity:
HIGH
Type:
CWE-284
Improper Access Control
Publication date:
28/06/2024
Last modified:
28/06/2024
Description
authentik is an open-source Identity Provider that emphasizes flexibility and versatility. Authentik API-Access-Token mechanism can be exploited to gain admin user privileges. A successful exploit of the issue will result in a user gaining full admin access to the Authentik application, including resetting user passwords and more. This issue has been patched in version(s) 2024.2.4, 2024.4.2 and 2024.6.0.<br />
Impact
Base Score 3.x
8.80
Severity 3.x
HIGH