MEDIUM 6.5
PYSEC-2026-767
Access control issue in AlekSIS-Core
상세
An access control issue in aleksis/core/util/auth_helpers.py: ClientProtectedResourceMixin of AlekSIS-Core v2.8.1 and below allows attackers to access arbitrary scopes if no allowed scopes are specifically set.
이 버전이 영향받나요?
사용 중인 패키지 버전을 입력하면 즉시 평가합니다.
영향 패키지
참고
- https://nvd.nist.gov/vuln/detail/CVE-2022-29773 [ADVISORY]
- https://aleksis.org/2022-05-04_advisory.html [WEB]
- https://edugit.org/AlekSIS/official/AlekSIS-Core [PACKAGE]
- https://edugit.org/AlekSIS/official/AlekSIS-Core/-/commit/0d39d5f566e1d916e3c8dedd3f5bd62161f30bd8 [WEB]
- https://edugit.org/AlekSIS/official/AlekSIS-Core/-/issues/688 [WEB]
- https://edugit.org/AlekSIS/official/AlekSIS-Core/-/merge_requests/1011 [WEB]
- https://pypi.org/project/aleksis-core [PACKAGE]
- https://github.com/advisories/GHSA-76x2-h8h3-cwjg [ADVISORY]