Google Git
Sign in
go / vulndb / cb5630d1a2b9e51416d917a69d89c0a680f0449b / . / data / osv / GO-2025-3822.json
blob: 2f6f99b0dad84c1e59ea70ffe9334430dbe6fb0a [file] [log] [blame]
{
"schema_version": "1.3.1",
"id": "GO-2025-3822",
"modified": "0001-01-01T00:00:00Z",
"published": "0001-01-01T00:00:00Z",
"aliases": [
"CVE-2025-53942",
"GHSA-9g4j-v8w5-7x42"
],
"summary": "Authentik has insufficient check for account active status when authenticating with OAuth/SAML Sources in goauthentik.io",
"details": "Authentik has insufficient check for account active status when authenticating with OAuth/SAML Sources in goauthentik.io.\n\nNOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions.\n\n(If this is causing false-positive reports from vulnerability scanners, please suggest an edit to the report.)\n\nThe additional affected modules and versions are: goauthentik.io before v0.0.0-20250722122105-7a4c6b9b50f8.",
"affected": [
{
"package": {
"name": "goauthentik.io",
"ecosystem": "Go"
},
"ranges": [
{
"type": "SEMVER",
"events": [
{
"introduced": "0"
}
]
}
],
"ecosystem_specific": {
"custom_ranges": [
{
"type": "ECOSYSTEM",
"events": [
{
"introduced": "0"
},
{
"fixed": "0.0.0-20250722122105-7a4c6b9b50f8"
}
]
}
]
}
}
],
"references": [
{
"type": "ADVISORY",
"url": "https://github.com/goauthentik/authentik/security/advisories/GHSA-9g4j-v8w5-7x42"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-53942"
},
{
"type": "WEB",
"url": "https://github.com/goauthentik/authentik/commit/7a4c6b9b50f8b837133a7a1fd2cb9b7f18a145cd"
},
{
"type": "WEB",
"url": "https://github.com/goauthentik/authentik/commit/c3629d12bfe3d32d3dc8f85c0ee1f087a55dde8f"
},
{
"type": "WEB",
"url": "https://github.com/goauthentik/authentik/commit/ce3f9e3763c1778bf3a16b98c95d10f4091436ab"
}
],
"database_specific": {
"url": "https://pkg.go.dev/vuln/GO-2025-3822",
"review_status": "UNREVIEWED"
}
}