CVE-2025-68158: Authlib Missing Scope Validation

OAuth2 endpoints are missing scope validation and default scope resolution. By omitting the scope parameter or providing an invalid one, an attacker can bypass scope checks. Ensure that requests validate the scope, resolve defaults via `client.get_allowed_scope()`, and verify the result is not `None`.
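The following is an added example, not code from Authlib or from this rule's repository, that models the two resolution paths the description contrasts: a "before" that passes the requested scope straight through, and an "after" that resolves defaults through `client.get_allowed_scope()` and rejects a `None` result. The `Client` class, its `allowed`/`default` fields and `InvalidScopeError` are constructed stand-ins for illustration, not Authlib's own types.

```python
from dataclasses import dataclass
from typing import Optional


class InvalidScopeError(Exception):
    """Raised when a token request carries no usable scope (hypothetical type)."""


@dataclass
class Client:
    """Constructed stand-in for a registered OAuth2 client (not Authlib's class)."""
    client_id: str
    allowed: frozenset            # scopes this client is registered for
    default: Optional[str] = None  # space-separated default scope, or None if unset

    def get_allowed_scope(self, requested: Optional[str]) -> Optional[str]:
        """Resolve the scope a request may be granted, mirroring the page's API name."""
        # Scope omitted: fall back to the client's default scope (which may be None)
        if not requested:
            return self.default
        wanted = set(requested.split())
        granted = wanted & self.allowed
        # Nothing the request asked for is registered for this client: invalid
        if not granted:
            return None
        return " ".join(sorted(granted))


def resolve_scope_vulnerable(client: Client, requested: Optional[str]) -> Optional[str]:
    """Before: no validation and no default resolution, the request value is trusted."""
    return requested


def resolve_scope_hardened(client: Client, requested: Optional[str]) -> str:
    """After: resolve through the client, then refuse to continue on None."""
    scope = client.get_allowed_scope(requested)
    if scope is None:
        raise InvalidScopeError("scope missing or not allowed for this client")
    return scope


def issue_token(client: Client, requested: Optional[str], resolver) -> dict:
    """Mint a minimal token record; the scope it carries depends on the resolver."""
    return {"client_id": client.client_id, "scope": resolver(client, requested)}
```

Running `issue_token` with `resolve_scope_vulnerable` shows a token carrying scopes the client never registered (or no scope at all), which is exactly what the hardened resolver prevents.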

Provally Curated · Public repository · High · Medium confidence · Verified · Apache-2.0 · Python

```
greprules fetch cve-2025-68158-authlib-missing-scope-validation --engine opengrep
```
