DEV Community

CVE Reports
CVE Reports

Posted on • Originally published at cvereports.com

GHSA-J8V8-G9CX-5QF4: GHSA-J8V8-G9CX-5QF4: Missing Authorization and Access Control Flaw in @better-auth/scim

GHSA-J8V8-G9CX-5QF4: Missing Authorization and Access Control Flaw in @better-auth/scim

Vulnerability ID: GHSA-J8V8-G9CX-5QF4
CVSS Score: 8.8
Published: 2026-07-07

An authorization bypass vulnerability in the @better-auth/scim plugin allows authenticated attackers to hijack personal SCIM providers and subsequently perform full account takeovers.

TL;DR

A missing authorization check in @better-auth/scim allows any logged-in user to regenerate tokens for personal SCIM providers, delete existing configurations, and use hijacked administrative privileges to manipulate and take over target user accounts.


Technical Details

  • CWE ID: CWE-862 (Missing Authorization)
  • Attack Vector: Network
  • CVSS Score: 8.8
  • Impact: Provider hijacking and Account Takeover
  • Exploit Status: none
  • KEV Status: Not listed

Affected Systems

  • Applications utilizing the @better-auth/scim plugin within the better-auth ecosystem.
  • @better-auth/scim: < 1.7.0-beta.4 (Fixed in: 1.7.0-beta.4)

Mitigation Strategies

  • Upgrade @better-auth/scim to version v1.7.0-beta.4 or higher.
  • Enable providerOwnership in the SCIM plugin configuration.
  • Manually apply database migrations to append the userId column to the scimProvider schema.
  • Implement restrictive policies in the canGenerateToken hook to limit who can generate personal SCIM integration tokens.

Remediation Steps:

  1. Identify the current version of @better-auth/scim in use.
  2. Update package dependencies to version v1.7.0-beta.4 or later.
  3. Execute database migration: ALTER TABLE "scimProvider" ADD COLUMN "userId" TEXT;
  4. Modify Better Auth initialization config to set providerOwnership.enabled to true.
  5. Restart application processes to load updated schema configurations.

References


Read the full report for GHSA-J8V8-G9CX-5QF4 on our website for more details including interactive diagrams and full exploit analysis.

Top comments (0)