CVE-2024-52307 | authentik prior 2024.8.5/2024.10.3 /-/metrics/ SECRET_KEY timing discrepancy

Inserito da Angelo Barbosa | Nov 21, 2024 | CVE

A vulnerability was found in authentik. It has been classified as problematic. Affected is an unknown function of the file /-/metrics/. The manipulation of the argument SECRET_KEY leads to observable timing discrepancy.

This vulnerability is traded as CVE-2024-52307. It is possible to launch the attack remotely. There is no exploit available.

It is recommended to upgrade the affected component.

CVE-2024-52307 | authentik prior 2024.8.5/2024.10.3 /-/metrics/ SECRET_KEY timing discrepancy

Post correlati

CVE-2023-29052 | Open-Xchange OX App Suite up to 7.10.6-rev34 Disclaimer Text cross site scripting (oxas-adv-2023-0006)

CVE-2024-29805 | ShopUp Shipping with Venipak for WooCommerce Plugin up to 1.19.5 on WordPress cross site scripting

CVE-2024-2566 | Fujian Kelixin Communication Command and Dispatch Platform up to 20240313 get_extension_yl.php imei sql injection

CVE-2024-32976 | Envoy up to 1.27.5/1.28.3/1.29.4/11.30.1 Decompression infinite loop (GHSA-7wp5-c2vq-4f8m)