Description
authentik is an open-source Identity Provider. Several API endpoints can be accessed by users without correct authentication/authorization. The main API endpoints affected by this are /api/v3/crypto/certificatekeypairs/
References
https://github.com/goauthentik/authentik/security/advisories/GHSA-qxqc-27pr-wgc8
https://github.com/goauthentik/authentik/commit/19318d4c00bb02c4ec3c4f8f15ac2e1dbe8d846c
https://github.com/goauthentik/authentik/commit/359b343f51524342a5ca03828e7c975a1d654b11