A vulnerability classified as problematic has been found in ory kratos up to 1.2.x. Affected is an unknown function. The manipulation of the argument available_aal leads to information disclosure.
This vulnerability is traded as CVE-2024-45042. It is possible to launch the attack remotely. There is no exploit available.
It is recommended to upgrade the affected component.