Vulnerability	Vulnerable Version
M Timing Attack authentik-client is an authentik Affected versions of this package are vulnerable to Timing Attack due to the usage of a non-constant time comparison for the `/-/metrics/` endpoint. An attacker can brute-force the `SECRET_KEY`, which is used to authenticate the endpoint, by observing the time differences in the responses. How to fix Timing Attack? Upgrade `authentik-client` to version 2024.10.4.post1732236734 or higher.	[,2024.10.4.post1732236734)
M Improper Authorization authentik-client is an authentik Affected versions of this package are vulnerable to Improper Authorization due to insufficient validation of the OAuth grants `client_credentials` or `device_code`. An attacker can obtain a token with unauthorized scopes. How to fix Improper Authorization? Upgrade `authentik-client` to version 2024.10.4.post1732236734 or higher.	[,2024.10.4.post1732236734)

Timing Attack

authentik-client is an authentik

Affected versions of this package are vulnerable to Timing Attack due to the usage of a non-constant time comparison for the /-/metrics/ endpoint. An attacker can brute-force the SECRET_KEY, which is used to authenticate the endpoint, by observing the time differences in the responses.

How to fix Timing Attack?

Upgrade authentik-client to version 2024.10.4.post1732236734 or higher.

[,2024.10.4.post1732236734)

Improper Authorization

authentik-client is an authentik

Affected versions of this package are vulnerable to Improper Authorization due to insufficient validation of the OAuth grants client_credentials or device_code. An attacker can obtain a token with unauthorized scopes.

How to fix Improper Authorization?

Upgrade authentik-client to version 2024.10.4.post1732236734 or higher.

[,2024.10.4.post1732236734)

Go back to all versions of this package