CVE-2024-21637 - Vulnerability Details - OpenCVE

ReportizFlow

Authentik is an open-source Identity Provider. Authentik is a vulnerable to a reflected Cross-Site Scripting vulnerability via JavaScript-URIs in OpenID Connect flows with `response_mode=form_post`. This relatively user could use the described attacks to perform a privilege escalation. This vulnerability has been patched in versions 2023.10.6 and 2023.8.6.

No CVSS v4.0

Attack Vector Network

Attack Complexity High

Privileges Required High

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Goauthentik	Authentik

Configuration 1 [-]

OR	cpe:2.3:a:goauthentik:authentik::::::::
	cpe:2.3:a:goauthentik:authentik::::::::

No data.

References

Link	Providers
https://github.com/goauthentik/authentik/releases/tag/version%2F2023.10.6
https://github.com/goauthentik/authentik/releases/tag/version%2F2023.8.6
https://github.com/goauthentik/authentik/security/advisories/GHSA-rjpr-7w8c-gv3j

History

No history.

MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2024-01-11T05:49:44.123Z

Updated: 2024-08-01T22:27:36.087Z

Reserved: 2023-12-29T03:00:44.957Z

Link: CVE-2024-21637

Vulnrichment

No data.

NVD

Status : Modified

Published: 2024-01-11T06:15:43.787

Modified: 2024-11-21T08:54:46.537

Link: CVE-2024-21637

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-21637", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2023-12-29T03:00:44.957Z", "datePublished": "2024-01-11T05:49:44.123Z", "dateUpdated": "2024-08-01T22:27:36.087Z"}, "containers": {"cna": {"title": "XSS in Authentik via JavaScript-URI as Redirect URI and form_post Response Mode", "problemTypes": [{"descriptions": [{"cweId": "CWE-79", "lang": "en", "description": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.7, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H", "version": "3.1"}}], "references": [{"name": "https://github.com/goauthentik/authentik/security/advisories/GHSA-rjpr-7w8c-gv3j", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/goauthentik/authentik/security/advisories/GHSA-rjpr-7w8c-gv3j"}, {"name": "https://github.com/goauthentik/authentik/releases/tag/version%2F2023.10.6", "tags": ["x_refsource_MISC"], "url": "https://github.com/goauthentik/authentik/releases/tag/version%2F2023.10.6"}, {"name": "https://github.com/goauthentik/authentik/releases/tag/version%2F2023.8.6", "tags": ["x_refsource_MISC"], "url": "https://github.com/goauthentik/authentik/releases/tag/version%2F2023.8.6"}], "affected": [{"vendor": "goauthentik", "product": "authentik", "versions": [{"version": "<= 2023.10.5", "status": "affected"}, {"version": "<= 2023.8.5", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2024-01-11T05:49:44.123Z"}, "descriptions": [{"lang": "en", "value": "Authentik is an open-source Identity Provider. Authentik is a vulnerable to a reflected Cross-Site Scripting vulnerability via JavaScript-URIs in OpenID Connect flows with `response_mode=form_post`. This relatively user could use the described attacks to perform a privilege escalation. This vulnerability has been patched in versions 2023.10.6 and 2023.8.6."}], "source": {"advisory": "GHSA-rjpr-7w8c-gv3j", "discovery": "UNKNOWN"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T22:27:36.087Z"}, "title": "CVE Program Container", "references": [{"name": "https://github.com/goauthentik/authentik/security/advisories/GHSA-rjpr-7w8c-gv3j", "tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/goauthentik/authentik/security/advisories/GHSA-rjpr-7w8c-gv3j"}, {"name": "https://github.com/goauthentik/authentik/releases/tag/version%2F2023.10.6", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/goauthentik/authentik/releases/tag/version%2F2023.10.6"}, {"name": "https://github.com/goauthentik/authentik/releases/tag/version%2F2023.8.6", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/goauthentik/authentik/releases/tag/version%2F2023.8.6"}]}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:goauthentik:authentik:*:*:*:*:*:*:*:*", "matchCriteriaId": "C8E5FE79-9C41-42C8-89BA-F977B5571297", "versionEndExcluding": "2023.8.6", "versionStartIncluding": "2023.8.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:goauthentik:authentik:*:*:*:*:*:*:*:*", "matchCriteriaId": "7322058A-9785-441A-949B-79DB9354CB73", "versionEndExcluding": "2023.10.6", "versionStartIncluding": "2023.10.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Authentik is an open-source Identity Provider. Authentik is a vulnerable to a reflected Cross-Site Scripting vulnerability via JavaScript-URIs in OpenID Connect flows with `response_mode=form_post`. This relatively user could use the described attacks to perform a privilege escalation. This vulnerability has been patched in versions 2023.10.6 and 2023.8.6."}, {"lang": "es", "value": "Authentik es un proveedor de identidades de c\u00f3digo abierto. Authentik es afectado por una vulnerabilidad de cross site scripting reflejada a trav\u00e9s de URI de JavaScript en flujos de OpenID Connect con `response_mode=form_post`. Este relativamente usuario podr\u00eda utilizar los ataques descritos para realizar una escalada de privilegios. Esta vulnerabilidad ha sido parcheada en las versiones 2023.10.6 y 2023.8.6."}], "id": "CVE-2024-21637", "lastModified": "2024-11-21T08:54:46.537", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.6, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.0, "impactScore": 6.0, "source": "[email protected]", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "[email protected]", "type": "Primary"}]}, "published": "2024-01-11T06:15:43.787", "references": [{"source": "[email protected]", "tags": ["Patch"], "url": "https://github.com/goauthentik/authentik/releases/tag/version%2F2023.10.6"}, {"source": "[email protected]", "tags": ["Patch"], "url": "https://github.com/goauthentik/authentik/releases/tag/version%2F2023.8.6"}, {"source": "[email protected]", "tags": ["Mitigation", "Third Party Advisory"], "url": "https://github.com/goauthentik/authentik/security/advisories/GHSA-rjpr-7w8c-gv3j"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://github.com/goauthentik/authentik/releases/tag/version%2F2023.10.6"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://github.com/goauthentik/authentik/releases/tag/version%2F2023.8.6"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mitigation", "Third Party Advisory"], "url": "https://github.com/goauthentik/authentik/security/advisories/GHSA-rjpr-7w8c-gv3j"}], "sourceIdentifier": "[email protected]", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "[email protected]", "type": "Secondary"}]}