authentik is an open-source Identity Provider that emphasizes flexibility and versatility. Authentik API-Access-Token mechanism can be exploited to gain admin user privileges. A successful exploit of the issue will result in a user gaining full admin access to the Authentik application, including resetting user passwords and more. This issue has been patched in version(s) 2024.2.4, 2024.4.2 and 2024.6.0.
Metrics
Affected Vendors & Products
References
History
Thu, 21 Aug 2025 16:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
CPEs | cpe:2.3:a:goauthentik:authentik:*:*:*:*:*:*:*:* |

Status: PUBLISHED
Assigner: GitHub_M
Published:
Updated: 2024-08-02T04:04:23.359Z
Reserved: 2024-06-10T19:54:41.362Z
Link: CVE-2024-37905

Updated: 2024-08-02T04:04:23.359Z

Status : Analyzed
Published: 2024-06-28T18:15:04.400
Modified: 2025-08-21T16:14:04.573
Link: CVE-2024-37905

No data.

Updated: 2025-07-13T21:07:10Z