CVE-2024-51752

The AuthKit library for Next.js provides convenient helpers for authentication and session management using WorkOS & AuthKit with Next.js. In affected versions refresh tokens are logged to the console when the disabled by default `debug` flag, is enabled. This issue has been patched in version 0.13.2 and all users are advised to upgrade. There are no known workarounds for this vulnerability.

CVSS v3 5.5 MEDIUM

5.5^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://github.com/workos/authkit-nextjs/commit/15a332632f7560b03cc6d8cc8da24fd2ac931da7	Patch
https://github.com/workos/authkit-nextjs/releases/tag/v0.13.2	Release Notes
https://github.com/workos/authkit-nextjs/security/advisories/GHSA-5wmg-9cvh-qw25	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:workos:authkit-nextjs:*:*:*:*:*:node.js:*:*

History

11 Dec 2025, 17:45

Type	Values Removed	Values Added
First Time		Workos authkit-nextjs
CPE	cpe:2.3:a:workos:authkit::::::node.js::*	cpe:2.3:a:workos:authkit-nextjs::::::node.js::*

10 Sep 2025, 15:47

Type	Values Removed	Values Added
First Time		Workos Workos authkit
CPE		cpe:2.3:a:workos:authkit::::::node.js::*
References	~~() https://github.com/workos/authkit-nextjs/commit/15a332632f7560b03cc6d8cc8da24fd2ac931da7 -~~	() https://github.com/workos/authkit-nextjs/commit/15a332632f7560b03cc6d8cc8da24fd2ac931da7 - Patch
References	~~() https://github.com/workos/authkit-nextjs/releases/tag/v0.13.2 -~~	() https://github.com/workos/authkit-nextjs/releases/tag/v0.13.2 - Release Notes
References	~~() https://github.com/workos/authkit-nextjs/security/advisories/GHSA-5wmg-9cvh-qw25 -~~	() https://github.com/workos/authkit-nextjs/security/advisories/GHSA-5wmg-9cvh-qw25 - Vendor Advisory
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 5.5

06 Nov 2024, 18:17

Type	Values Removed	Values Added
Summary		(es) La librería AuthKit para Next.js ofrece ayudas prácticas para la autenticación y la gestión de sesiones mediante WorkOS y AuthKit con Next.js. En las versiones afectadas, los tokens de actualización se registran en la consola cuando se habilita la bandera `debug` (deshabilitada de forma predeterminada). Este problema se ha corregido en la versión 0.13.2 y se recomienda a todos los usuarios que actualicen. No existen workarounds conocidos para esta vulnerabilidad.

05 Nov 2024, 20:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-11-05 20:15

Updated : 2025-12-11 17:45

NVD link : CVE-2024-51752

Mitre link : CVE-2024-51752

CVE.ORG link : CVE-2024-51752

JSON object : View

Products Affected

workos

authkit-nextjs

CWE

CWE-532

Insertion of Sensitive Information into Log File

5.5 /10