GHSA-76x2-h8h3-cwjg: Access control issue in AlekSIS-Core

An access control issue in aleksis/core/util/auth_helpers.py: ClientProtectedResourceMixin of AlekSIS-Core v2.8.1 and below allows attackers to access arbitrary scopes if no allowed scopes are specifically set.

Moderate severity • GitHub Reviewed • Published Jun 4, 2022 • Updated Jun 6, 2022

Related news

CVE-2022-29773: ClientProtectedResourceMixin allows access if no allowed_scopes are set (#688) · Issues · AlekSIS / Official / AlekSIS-Core
