GHSA-76x2-h8h3-cwjg: Access control issue in AlekSIS-Core
An access control issue in aleksis/core/util/auth_helpers.py: ClientProtectedResourceMixin of AlekSIS-Core v2.8.1 and below allows attackers to access arbitrary scopes if no allowed scopes are specifically set.
Moderate severity • GitHub Reviewed • Published Jun 4, 2022 • Updated Jun 6, 2022
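The fail-open pattern the advisory describes (an unset allow-list treated as "no restriction") next to a fail-closed check, as an added illustration that is not AlekSIS-Core code. The `Client` class, function names, scope names and paths are hypothetical, and the actual logic in `ClientProtectedResourceMixin` is not shown on this page.

```python
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class Client:
    """Hypothetical OAuth client registration (not an AlekSIS model)."""
    name: str
    allowed_scopes: Optional[list] = field(default_factory=list)


def permits_fail_open(client, required_scopes):
    """Flawed pattern: an unset allow-list skips the scope check entirely."""
    if not client.allowed_scopes:
        return True  # empty list or None is read as "no restriction"
    return set(required_scopes) <= set(client.allowed_scopes)


def permits_fail_closed(client, required_scopes):
    """Hardened pattern: an unset allow-list grants nothing."""
    allowed = set(client.allowed_scopes or [])
    if not allowed:
        return False
    return set(required_scopes or []) <= allowed


def exposure_report(clients, resources):
    """(client, resource) pairs that only the fail-open check would grant."""
    return sorted(
        (c.name, path)
        for c in clients
        for path, scopes in resources.items()
        if permits_fail_open(c, scopes) and not permits_fail_closed(c, scopes)
    )


# Constructed sample data: one scoped client, one with no scopes configured.
CLIENTS = [Client("scoped-app", ["reports:read"]), Client("unscoped-app")]
RESOURCES = {"/api/reports": ["reports:read"], "/api/grades": ["grades:read"]}

if __name__ == "__main__":
    for name, path in exposure_report(CLIENTS, RESOURCES):
        print(f"{name} reaches {path} only because its allow-list is unset")
```

Running the same comparison over a deployment's registered clients shows which ones relied on the unset allow-list and need explicit scopes once the check fails closed.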
Related news
CVE-2022-29773: ClientProtectedResourceMixin allows access if no allowed_scopes are set (#688) · Issues · AlekSIS / Official / AlekSIS-Core