[aleksis-core] Access control issue in AlekSIS-Core

An access control issue in aleksis/core/util/auth_helpers.py: ClientProtectedResourceMixin of AlekSIS-Core v2.8.1 and below allows attackers to access arbitrary scopes if no allowed scopes are specifically set.

References

• https://nvd.nist.gov/vuln/detail/CVE-2022-29773
• https://edugit.org/AlekSIS/official/AlekSIS-Core/-/issues/688
• https://edugit.org/AlekSIS/official/AlekSIS-Core/-/commit/0d39d5f566e1d916e3c8dedd3f5bd62161f30bd8
• https://edugit.org/AlekSIS/official/AlekSIS-Core/-/merge_requests/1011
• https://github.com/advisories/GHSA-76×2-h8h3-cwjg