Medium severity6.5NVD Advisory· Published Jun 3, 2022· Updated Jun 17, 2026
CVE-2022-29773
CVE-2022-29773
Description
An access control issue in aleksis/core/util/auth_helpers.py: ClientProtectedResourceMixin of AlekSIS-Core v2.8.1 and below allows attackers to access arbitrary scopes if no allowed scopes are specifically set.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
aleksis-corePyPI | < 2.9 | 2.9 |
Affected products
2- AlekSIS/Coredescription
Patches
Vulnerability mechanics
References
7- aleksis.org/2022-05-04_advisory.htmlnvdBroken LinkVendor AdvisoryWEB
- edugit.org/AlekSIS/official/AlekSIS-Core/-/issues/688nvdIssue TrackingThird Party AdvisoryWEB
- github.com/advisories/GHSA-76x2-h8h3-cwjgghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2022-29773ghsaADVISORY
- edugit.org/AlekSIS/official/AlekSIS-CoreghsaPACKAGE
- edugit.org/AlekSIS/official/AlekSIS-Core/-/commit/0d39d5f566e1d916e3c8dedd3f5bd62161f30bd8ghsaWEB
- edugit.org/AlekSIS/official/AlekSIS-Core/-/merge_requests/1011ghsaWEB
News mentions
0No linked articles in our index yet.