Vulnerabilities in goauthentik
36 results (20 shown here)

CVE ID          | Severity | Title                                                                                                  | EPSS
CVE-2023-48228  | HIGH     | OAuth2: PKCE can be fully circumvented                                                                 | 1.2%
CVE-2022-46145  | HIGH     | authentik vulnerable to unauthorized user creation and potential account takeover                      | 1.2%
CVE-2024-52289  | HIGH     | authentik has an insecure default configuration for OAuth2 Redirect URIs                               | 1.1%
CVE-2022-23555  | CRITICAL | authentik vulnerable to Improper Authentication via invitation URL token reuse                         | 0.9%
CVE-2024-37905  | HIGH     | Improper Access Control and Incorrect Authorization in github.com/goauthentik/authentik                | 0.8%
CVE-2023-46249  | CRITICAL | authentik potential installation takeover when default admin user is deleted                           | 0.7%
CVE-2026-25227  | CRITICAL | authentik affected by Remote Code Execution via Context Key Injection in PropertyMapping Test Endpoint | 0.6%
CVE-2024-38371  | HIGH     | Insufficient access control for OAuth2 Device Code flow in authentik                                   | 0.6%
CVE-2023-36456  | HIGH     | Authentik lacks Proxy IP headers validation                                                            | 0.6%
CVE-2024-52287  | MEDIUM   | authentik performs insufficient validation of OAuth scopes                                             | 0.6%
CVE-2024-42490  | HIGH     | authentik has Insufficient Authorization for several API endpoints                                     | 0.6%
CVE-2024-47070  | CRITICAL | authentik vulnerable to password authentication bypass via X-Forwarded-For HTTP header                 | 0.5%
CVE-2024-21637  | HIGH     | XSS in Authentik via JavaScript-URI as Redirect URI and form_post Response Mode                        | 0.5%
CVE-2024-23647  | MEDIUM   | PKCE downgrade attack in Authentik                                                                     | 0.5%
CVE-2022-46172  | MEDIUM   | authentik allows existing authenticated users to create arbitrary accounts                             | 0.5%
CVE-2024-52307  | MEDIUM   | authentik allows a timing attack due to missing constant time comparison for metrics view              | 0.5%
CVE-2023-39522  | MEDIUM   | Username enumeration attack in goauthentik                                                             | 0.5%
CVE-2025-53942  | HIGH     | authentik has an insufficient check for account active status during OAuth/SAML authentication         | 0.5%
CVE-2026-25748  | HIGH     | authentik has a forward authentication bypass with broken cookie                                       | 0.5%
CVE-2025-52553  | MEDIUM   | authentik has Insufficient Session verification for Remote Access Control endpoint access              | 0.4%