CVE-2024-37905 | goauthentik prior 2024.2.4/2024.4.2/2024.6.0 API-Access-Token access control (GHSA-c78c-2r9w-p7x4)

Posted by Angelo Barbosa | Jun 28, 2024 | CVE

A vulnerability classified as critical was found in goauthentik authentik. This vulnerability affects unknown code of the component API-Access-Token Handler. The manipulation leads to improper access controls.

This vulnerability was named CVE-2024-37905. The attack can be initiated remotely. There is no exploit available.

It is recommended to upgrade the affected component.

CVE-2024-37905 | goauthentik prior 2024.2.4/2024.4.2/2024.6.0 API-Access-Token access control (GHSA-c78c-2r9w-p7x4)

Related Posts

VDB-263599 | Campcodes Complete Web-Based School Management System 1.0 /view/find_friends.php my_type cross site scripting

CVE-2024-32138 | KaizenCoders Short URL Plugin up to 1.6.8 on WordPress cross site scripting

CVE-2024-29499 | Anchor CMS 0.12.7 2 cross-site request forgery

CVE-2024-4838 | ConvertPlus Plugin up to 3.5.26 on WordPress code injection