CVE-2023-48228

Summary

CVE-2023-48228 affects the open-source identity provider, authentik. Before versions 2023.10.4 and 2023.8.5, authentik failed to verify the `code_verifier` during the OAuth2 token step if it was not provided, despite the flow being initiated with a `code_challenge`. This vulnerability could allow attackers to obtain unauthorized access tokens, making it essential for users to update to the fixed versions as soon as possible.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.