How severe is CVE-2022-46172?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 6.4 out of 10.

What type of vulnerability is CVE-2022-46172?

This is classified as CWE-269, which is a common weakness in software security.

CVE-2022-46172

MEDIUM Year: 2022

CVSS v3 Score

6.4

Medium

Weakness Type

CWE-269

View all →

Vulnerability Description

authentik is an open-source Identity provider focused on flexibility and versatility. In versions prior to 2022.10.4, and 2022.11.4, any authenticated user can create an arbitrary number of accounts through the default flows. This would circumvent any policy in a situation where it is undesirable for users to create new accounts by themselves. This may also affect other applications as these new basic accounts would exist throughout the SSO infrastructure. By default the newly created accounts cannot be logged into as no password reset exists by default. However password resets are likely to be enabled by most installations. This vulnerability pertains to the user context used in the default-user-settings-flow, /api/v3/flows/instances/default-user-settings-flow/execute/. This issue has been fixed in versions 2022.10.4 and 2022.11.4.

CVE-2023-50726

MEDIUM

CVSS:6.4(Medium)

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. "Local sync" is an Argo CD feature that allows developers to temporarily override an Application's manifests with locally-defi...

CWE-2692023

CVE-2024-25990

MEDIUM

CVSS:6.4(Medium)

In pktproc_perftest_gen_rx_packet_sktbuf_mode of link_rx_pktproc.c, there is a possible out of bounds write due to a race condition. This could lead to local escalation of privilege with System execut...

CWE-2692024

CVE-2024-41949

MEDIUM

CVSS:6.4(Medium)

biscuit-rust is the Rust implementation of Biscuit, an authentication and authorization token for microservices architectures. Third-party blocks can be generated without transferring the whole token ...

CWE-2692024

CVE-2025-22621

MEDIUM

CVSS:6.4(Medium)

In versions 1.0.67 and lower of the Splunk App for SOAR, the Splunk documentation for that app recommended adding the `admin_all_objects` capability to the `splunk_app_soar` role. This addition could ...

CWE-2692025

CVE-2013-2625

MEDIUM

CVSS:6.5(Medium)

An Access Bypass issue exists in OTRS Help Desk before 3.2.4, 3.1.14, and 3.0.19, OTRS ITSM before 3.2.3, 3.1.8, and 3.0.7, and FAQ before 2.2.3, 2.1.4, and 2.0.8. Access rights by the object linking ...

CWE-2692013

CVE-2015-5071

MEDIUM

CVSS:6.5(Medium)

AR System Mid Tier in the AR System Mid Tier component before 9.0 SP1 for BMC Remedy AR System Server allows remote authenticated users to "navigate" to arbitrary files via the __report parameter of t...

CWE-2692015

CVE-2022-46172

Vulnerability Description

Related Vulnerabilities

CVE-2023-50726

CVE-2024-25990

CVE-2024-41949

CVE-2025-22621

CVE-2013-2625

CVE-2015-5071