@withstudiocms/auth-kit 0.1.0-beta.4

Direct Vulnerabilities

Known vulnerabilities in the @withstudiocms/auth-kit package. This does not include vulnerabilities belonging to this package’s dependencies.

Fix vulnerabilities automatically

Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.

Fix for free

Vulnerability	Vulnerable Version
H Authorization Bypass Through User-Controlled Key @withstudiocms/auth-kit is an Utilities for managing authentication Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key via the `DELETE /studiocms_api/dashboard/api-tokens` endpoint. An attacker can revoke API tokens belonging to other users, including higher-privileged accounts, by supplying arbitrary `tokenID` and `userID` values without ownership or role validation, resulting in disruption of integrations and automated workflows. How to fix Authorization Bypass Through User-Controlled Key? Upgrade `@withstudiocms/auth-kit` to version 0.1.4 or higher.	<0.1.4
H Incorrect Authorization @withstudiocms/auth-kit is an Utilities for managing authentication Affected versions of this package are vulnerable to Incorrect Authorization through the `api-tokens` endpoint, which allows an authenticated user with editor privileges or higher to generate API tokens for any user by specifying their user ID in the request body. An attacker can gain unauthorized access to higher-privileged accounts, including owner and admin, by generating tokens for those accounts and using them to access protected API endpoints. How to fix Incorrect Authorization? Upgrade `@withstudiocms/auth-kit` to version 0.1.4 or higher.	<0.1.4

Vulnerability

Vulnerable Version

Authorization Bypass Through User-Controlled Key

@withstudiocms/auth-kit is an Utilities for managing authentication

Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key via the DELETE /studiocms_api/dashboard/api-tokens endpoint. An attacker can revoke API tokens belonging to other users, including higher-privileged accounts, by supplying arbitrary tokenID and userID values without ownership or role validation, resulting in disruption of integrations and automated workflows.

How to fix Authorization Bypass Through User-Controlled Key?

Upgrade @withstudiocms/auth-kit to version 0.1.4 or higher.

<0.1.4

Incorrect Authorization

@withstudiocms/auth-kit is an Utilities for managing authentication

Affected versions of this package are vulnerable to Incorrect Authorization through the api-tokens endpoint, which allows an authenticated user with editor privileges or higher to generate API tokens for any user by specifying their user ID in the request body. An attacker can gain unauthorized access to higher-privileged accounts, including owner and admin, by generating tokens for those accounts and using them to access protected API endpoints.

How to fix Incorrect Authorization?

Upgrade @withstudiocms/auth-kit to version 0.1.4 or higher.

<0.1.4

@withstudiocms/auth-kit@0.1.0-beta.4

Utilities for managing authentication

latest version

latest non vulnerable version

first published

latest version published

licenses detected

Direct Vulnerabilities

Fix vulnerabilities automatically