authentik is an open-source Identity Provider that emphasizes flexibility and versatility. Authentik API-Access-Token mechanism can be exploited to gain admin user privileges. A successful exploit of the issue will result in a user gaining full admin access to the Authentik application, including resetting user passwords and more. This issue has been patched in version(s) 2024.2.4, 2024.4.2 and 2024.6.0.
History

Thu, 21 Aug 2025 16:15:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:goauthentik:authentik:*:*:*:*:*:*:*:*

cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2024-08-02T04:04:23.359Z

Reserved: 2024-06-10T19:54:41.362Z

Link: CVE-2024-37905

cve-icon Vulnrichment

Updated: 2024-08-02T04:04:23.359Z

cve-icon NVD

Status : Analyzed

Published: 2024-06-28T18:15:04.400

Modified: 2025-08-21T16:14:04.573

Link: CVE-2024-37905

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2025-07-13T21:07:10Z