authentik-client@2024.6.3.post1723921885 vulnerabilities

authentik

  • latest version: 2024.12.1.post1734988465

  • latest non vulnerable version:

  • first published: 9 months ago

  • latest version published: 1 day ago

  • licenses detected:

  • Direct Vulnerabilities

    Known vulnerabilities in the authentik-client package. This does not include vulnerabilities belonging to this package’s dependencies.

    Vulnerability | Vulnerable Version

    • Severity M: Timing Attack

    authentik-client is an authentik

    Affected versions of this package are vulnerable to Timing Attack due to the usage of a non-constant time comparison for the /-/metrics/ endpoint. An attacker can brute-force the SECRET_KEY, which is used to authenticate requests to that endpoint, by observing the time differences in the responses.

    How to fix Timing Attack?

    Upgrade authentik-client to version 2024.10.4.post1732236734 or higher.

    Vulnerable versions: [,2024.10.4.post1732236734)
    • Severity H: Incorrect Regular Expression

    authentik-client is an authentik

    Affected versions of this package are vulnerable to Incorrect Regular Expression due to the insecure handling of OAuth2 redirect URIs, which are checked by RegEx comparison without proper escaping of special characters. An attacker can manipulate the validation process by registering a domain that closely resembles the intended domain, thus bypassing the validation checks.

    How to fix Incorrect Regular Expression?

    Upgrade authentik-client to version 2024.10.4.post1732236734 or higher.

    Vulnerable versions: [,2024.10.4.post1732236734)
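The escaping mistake described above, shown as an added Python example written for this page (not authentik's own redirect-URI validation code; the registered and requested URIs are constructed): a registered URI used verbatim as a regex lets a look-alike host through, while escaping and anchoring the pattern restores a literal comparison.

```python
import re

# Constructed sample: the redirect URI an operator registered for an OAuth2 client.
REGISTERED = "https://app.example.com/oauth/callback"


def redirect_allowed_naive(registered: str, requested: str) -> bool:
    """Weak check: the registered URI is used verbatim as a regex pattern.
    Every '.' is a wildcard and re.match only anchors the start, so a
    look-alike host or a longer path still matches."""
    return re.match(registered, requested) is not None


def redirect_allowed_hardened(registered: str, requested: str) -> bool:
    """Escape regex metacharacters and require a full match, so the
    registered URI is compared literally (equivalent to string equality)."""
    return re.fullmatch(re.escape(registered), requested) is not None


def redirect_allowed_glob(pattern: str, requested: str) -> bool:
    """If operators genuinely need wildcards, expose only an explicit '*' token:
    every other character is escaped and the match is anchored at both ends.
    (Illustrative design choice for this example, not a feature of authentik.)"""
    regex = ".*".join(re.escape(part) for part in pattern.split("*"))
    return re.fullmatch(regex, requested) is not None


if __name__ == "__main__":
    lookalike = "https://appXexample.com/oauth/callback"  # unescaped '.' matches 'X'
    extended = REGISTERED + "/../somewhere-else"          # re.match does not anchor the end
    for uri in (REGISTERED, lookalike, extended):
        print(f"{uri}\n  naive={redirect_allowed_naive(REGISTERED, uri)}"
              f" hardened={redirect_allowed_hardened(REGISTERED, uri)}")
```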
    • Severity M: Improper Authorization

    authentik-client is an authentik

    Affected versions of this package are vulnerable to Improper Authorization due to insufficient validation of the OAuth grants client_credentials or device_code. An attacker can obtain a token with unauthorized scopes.

    How to fix Improper Authorization?

    Upgrade authentik-client to version 2024.10.4.post1732236734 or higher.

    Vulnerable versions: [,2024.10.4.post1732236734)