VYPR

npm package

@goauthentik/api

pkg:npm/%40goauthentik/api

Vulnerabilities (1)

  • CVE-2023-39522Aug 29, 2023
    affected >= 2023.6.0, < 2023.6.2fixed 2023.6.2

    goauthentik is an open-source Identity Provider. In affected versions using a recovery flow with an identification stage an attacker is able to determine if a username exists. Only setups configured with a recovery flow are impacted by this. Anyone with a user account on a system