Vulnerability	Vulnerable Version
M Timing Attack authentik-client is an authentik Affected versions of this package are vulnerable to Timing Attack due to the usage of a non-constant time comparison for the `/-/metrics/` endpoint. An attacker can brute-force the `SECRET_KEY`, which is used to authenticate the endpoint, by observing the time differences in the responses. How to fix Timing Attack? Upgrade `authentik-client` to version 2024.10.4.post1732236734 or higher.	[,2024.10.4.post1732236734)
H Incorrect Regular Expression authentik-client is an authentik Affected versions of this package are vulnerable to Incorrect Regular Expression due to the insecure handling of `OAuth2` redirect URIs, which are checked by RegEx comparison without proper escaping of special characters. An attacker can manipulate the validation process by registering a domain that closely resembles the intended domain, thus bypassing the validation checks. How to fix Incorrect Regular Expression? Upgrade `authentik-client` to version 2024.10.4.post1732236734 or higher.	[,2024.10.4.post1732236734)
M Improper Authorization authentik-client is an authentik Affected versions of this package are vulnerable to Improper Authorization due to insufficient validation of the OAuth grants `client_credentials` or `device_code`. An attacker can obtain a token with unauthorized scopes. How to fix Improper Authorization? Upgrade `authentik-client` to version 2024.10.4.post1732236734 or higher.	[,2024.10.4.post1732236734)

Go back to all versions of this package