| Summary | authentik is an open-source identity provider. Prior to versions 2024.8.3 and 2024.6.5, access tokens issued to one application can be stolen by that application and used to impersonate the user against any other proxy provider. Also, a user can steal an access token they were legitimately issued for one application and use it to access another application that they aren't allowed to access. Anyone who has more than one proxy provider application with different trust domains or different access control is affected. Versions 2024.8.3 and 2024.6.5 fix the issue. |
|---|---|
| Publication Date | Sept. 28, 2024, 1:15 a.m. |
| Registration Date | Sept. 28, 2024, 5 a.m. |
| Last Update | Sept. 30, 2024, 9:45 p.m. |
| Title | Authentik Security Inc の authentik における不正な認証に関する脆弱性 |
|---|---|
| Summary | Authentik Security Inc の authentik には、不正な認証に関する脆弱性が存在します。 |
| Possible impacts | 情報を改ざんされる可能性があります。 |
| Solution | ベンダアドバイザリまたはパッチ情報が公開されています。参考情報を参照して適切な対策を実施してください。 |
| Publication Date | Sept. 27, 2024, midnight |
| Registration Date | Aug. 22, 2025, 11:44 a.m. |
| Last Update | Aug. 22, 2025, 11:44 a.m. |
| Authentik Security Inc |
| authentik 2024.6.5 未満 |
| authentik 2024.8.0 以上 2024.8.3 未満 |
| No | Changed Details | Date of change |
|---|---|---|
| 1 | [2025年08月22日] 掲載 |
Aug. 22, 2025, 11:44 a.m. |