CVE-2024-21637
CVSS V2 None
CVSS V3 None
Description
Authentik is an open-source Identity Provider. Authentik is vulnerable to a reflected Cross-Site Scripting vulnerability via JavaScript-URIs in OpenID Connect flows with `response_mode=form_post`. A user able to trigger this flaw could use the described attacks to perform a privilege escalation. This vulnerability has been patched in versions 2023.10.6 and 2023.8.6.
Overview
- CVE ID: CVE-2024-21637
- Assigner: GitHub_M
- Vulnerability Status: PUBLISHED
- Published Version: 2024-01-11T05:49:44.123Z
- Last Modified Date: 2024-01-11T05:49:44.123Z
Weakness Enumerations
References
| Reference URL | Reference Tags |
|---|---|
| https://github.com/goauthentik/authentik/security/advisories/GHSA-rjpr-7w8c-gv3j | x_refsource_CONFIRM |
| https://github.com/goauthentik/authentik/releases/tag/version%2F2023.10.6 | x_refsource_MISC |
| https://github.com/goauthentik/authentik/releases/tag/version%2F2023.8.6 | x_refsource_MISC |
Sources
| Source Name | Source URL |
|---|---|
| NIST | https://nvd.nist.gov/vuln/detail/CVE-2024-21637 |
| MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21637 |
History
| Created | Old Value | New Value | Data Type | Notes |
|---|---|---|---|---|
| 2024-06-26 15:32:44 | | | | Added to TrackCVE |