goauthentik

1 Product 18 CVEs

CVE Severity Distribution (All Time)

Critical: 4
High: 7
Medium: 4
Low: 0

Timeline Overview

Last 30 Days 0 CVEs
Last 6 Months 0 CVEs
Last Year 6 CVEs

Recent CVEs

CVE-2024-52287 UNKNOWN 8 months ago

authentik is an open-source identity provider. When using the client_credentials or device_code OAuth grants, it was possible for an attacker to get …

CVE-2024-52289 UNKNOWN 8 months ago

authentik is an open-source identity provider. Redirect URIs in the OAuth2 provider in authentik are checked by RegEx comparison. When no Redirect UR…

CVE-2024-52307 UNKNOWN 8 months ago

authentik is an open-source identity provider. Due to the usage of a non-constant time comparison for the /-/metrics/ endpoint it was possible to bru…

CVE-2024-47077 MEDIUM 9 months, 4 weeks ago

authentik is an open-source identity provider. Prior to versions 2024.8.3 and 2024.6.5, access tokens issued to one application can be stolen by that…

CVE-2024-47070 CRITICAL 9 months, 4 weeks ago

authentik is an open-source identity provider. A vulnerability that exists in versions prior to 2024.8.3 and 2024.6.5 allows bypassing password login…

CVE-2024-42490 HIGH 11 months ago

authentik is an open-source Identity Provider. Several API endpoints can be accessed by users without correct authentication/authorization. The main …