npm package
@goauthentik/api
pkg:npm/%40goauthentik/api
Vulnerabilities (1)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2023-39522 | — | >= 2023.6.0, < 2023.6.2 | 2023.6.2 | Aug 29, 2023 | goauthentik is an open-source Identity Provider. In affected versions using a recovery flow with an identification stage an attacker is able to determine if a username exists. Only setups configured with a recovery flow are impacted by this. Anyone with a user account on a system |
- CVE-2023-39522Aug 29, 2023affected >= 2023.6.0, < 2023.6.2fixed 2023.6.2
goauthentik is an open-source Identity Provider. In affected versions using a recovery flow with an identification stage an attacker is able to determine if a username exists. Only setups configured with a recovery flow are impacted by this. Anyone with a user account on a system