📄️ Hardening authentik
While authentik is secure out of the box, you can take further steps to increase the security of an authentik instance. There is a real tradeoff between security and convenience: each of these hardening practices affects the user experience, so apply them only with that tradeoff in mind.
📄️ Security Policy
📄️ CVE-2024-52307
Reported by @mgerstner
📄️ CVE-2024-52289
Reported by @PontusHanssen
📄️ CVE-2024-52287
Reported by @matt1097
📄️ CVE-2024-47077
Reported by @quentinmit
📄️ CVE-2024-47070
Reported by @efpi-bot from LogicalTrust
📄️ CVE-2024-42490
Reported by @m2a2
📄️ CVE-2024-38371
Reported by Stefan Zwanenburg
📄️ CVE-2024-37905
Reported by @m2a2
📄️ CVE-2024-23647
Reported by @pieterphilippaerts
📄️ CVE-2024-21637
Reported by @lauritzh
📄️ CVE-2023-48228
Reported by @Sapd
📄️ GHSA-rjvp-29xq-f62w
Reported by @devSparkle
📄️ CVE-2023-39522
Reported by @markrassamni
📄️ CVE-2023-36456
Reported by @thijsa
📄️ 2023-06 Cure53 Code audit
In May/June of 2023, we had a pentest conducted by Cure53. The following security updates, 2023.4.2 and 2023.5.3, were released in response to the issues found.
📄️ CVE-2023-26481
Reported by @fuomag9
📄️ CVE-2022-23555
Reported by @fuomag9
📄️ CVE-2022-46145
Reported by @sdimovv
📄️ CVE-2022-46172
Reported by @DreamingRaven