Описание
An issue was discovered in allauth-django before 65.13.0. Both Okta and NetIQ were using preferred_username as the identifier for third-party provider accounts. That value may be mutable and should therefore be avoided for authorization decisions. The providers are now using sub instead.
Ссылки
- Release Notes
Уязвимые конфигурации
EPSS
5.4 Medium
CVSS3
Дефекты
Связанные уязвимости
An issue was discovered in allauth-django before 65.13.0. Both Okta and NetIQ were using preferred_username as the identifier for third-party provider accounts. That value may be mutable and should therefore be avoided for authorization decisions. The providers are now using sub instead.
An issue was discovered in allauth-django before 65.13.0. Both Okta an ...
django-allauth's Okta and NetIQ implementations used a mutable identifier for authorization decisions
EPSS
5.4 Medium
CVSS3