Missing Authorization Affecting label-studio-sso package, versions [,6.0.8)
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applicationsSnyk Learn
Learn about Missing Authorization vulnerabilities in an interactive lesson.
Start learning- Snyk IDSNYK-PYTHON-LABELSTUDIOSSO-14172514
- published4 Dec 2025
- disclosed2 Dec 2025
- creditUnknown
Introduced: 2 Dec 2025
New CVE NOT AVAILABLE CWE-862 (opens in a new tab)Common Weakness Enumeration (CWE) is a category system for software weaknesses
How to fix?
Upgrade label-studio-sso to version 6.0.8 or higher.
Overview
label-studio-sso is a Native JWT authentication for Label Studio OSS - simple and secure SSO integration
Affected versions of this package are vulnerable to Missing Authorization due to missing validation in the SSO token API. The API does not restrict account creation to pre-registered users, allowing an attacker with a valid SSO token to create arbitrary new accounts and gain unauthorized access to the application without proper authorization checks.