{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-19T04:42:17.288","vulnerabilities":[{"cve":{"id":"CVE-2024-38371","sourceIdentifier":"security-advisories@github.com","published":"2024-06-28T18:15:04.647","lastModified":"2025-08-21T16:01:24.083","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"authentik is an open-source Identity Provider. Access restrictions assigned to an application were not checked when using the OAuth2 Device code flow. This could potentially allow users without the correct authorization to get OAuth tokens for an application and access it. This issue has been patched in version(s) 2024.6.0, 2024.2.4 and 2024.4.3."},{"lang":"es","value":"authentik es un proveedor de identidades de código abierto. Las restricciones de acceso asignadas a una aplicación no se verificaron cuando se utilizó el flujo de código del dispositivo OAuth2. Potencialmente, esto podría permitir a los usuarios sin la autorización correcta obtener tokens OAuth para una aplicación y acceder a ella. Este problema se solucionó en las versiones 2024.6.0, 2024.2.4 y 2024.4.3."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L","baseScore":8.6,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":3.9,"impactScore":4.7},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-284"},{"lang":"en","value":"CWE-285"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:goauthentik:authentik:*:*:*:*:*:*:*:*","versionEndExcluding":"2024.2.4","matchCriteriaId":"ED1F1937-A547-440E-8D37-5830973FDB91"},{"vulnerable":true,"criteria":"cpe:2.3:a:goauthentik:authentik:*:*:*:*:*:*:*:*","versionStartIncluding":"2024.4.0","versionEndExcluding":"2024.4.3","matchCriteriaId":"FB436255-F93A-4090-96AE-3AF72C6F68E2"}]}]}],"references":[{"url":"https://github.com/goauthentik/authentik/releases/tag/version%2F2024.2.4","source":"security-advisories@github.com","tags":["Release Notes"]},{"url":"https://github.com/goauthentik/authentik/releases/tag/version%2F2024.4.3","source":"security-advisories@github.com","tags":["Release Notes"]},{"url":"https://github.com/goauthentik/authentik/releases/tag/version%2F2024.6.0","source":"security-advisories@github.com","tags":["Release Notes"]},{"url":"https://github.com/goauthentik/authentik/security/advisories/GHSA-jq3m-37m7-gp45","source":"security-advisories@github.com","tags":["Mitigation","Vendor Advisory"]},{"url":"https://github.com/goauthentik/authentik/releases/tag/version%2F2024.2.4","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Release Notes"]},{"url":"https://github.com/goauthentik/authentik/releases/tag/version%2F2024.4.3","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Release Notes"]},{"url":"https://github.com/goauthentik/authentik/releases/tag/version%2F2024.6.0","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Release Notes"]},{"url":"https://github.com/goauthentik/authentik/security/advisories/GHSA-jq3m-37m7-gp45","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mitigation","Vendor Advisory"]}]}}]}