Description
Authentik is an open-source Identity Provider. Authentik is vulnerable to a reflected Cross-Site Scripting vulnerability via JavaScript URIs in OpenID Connect flows with response_mode=form_post. A user could use the described attack to perform a privilege escalation. This vulnerability has been patched in versions 2023.10.6 and 2023.8.6.
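With response_mode=form_post the provider renders an auto-submitting HTML form whose action is the client's redirect_uri, so the mitigation for this class of bug is to refuse any URI that is not an exact match for a registered redirect URI with an allowed scheme, and to HTML-escape everything placed into the page. The following is an added example written for this entry, not code from authentik or from the advisory; the registered URI set, the allowed-scheme set and the function names are constructed assumptions.

```python
from html import escape
from urllib.parse import urlsplit

# Constructed example data: the redirect URIs registered for a hypothetical OIDC client.
REGISTERED_REDIRECT_URIS = {"https://app.example.test/callback"}
# Only web schemes may become a form action; javascript:, data: and the like are rejected.
ALLOWED_SCHEMES = {"https"}


def validate_redirect_uri(redirect_uri: str, registered: set[str]) -> bool:
    """Accept a redirect_uri only if it uses an allowed scheme AND exactly matches
    a registered URI. Scheme filtering alone is a weak defence; exact matching
    against the client's registration is the primary control."""
    try:
        parts = urlsplit(redirect_uri)
    except ValueError:
        return False
    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        return False
    return redirect_uri in registered


def render_form_post(redirect_uri: str, params: dict[str, str], registered: set[str]) -> str:
    """Build the auto-submitting form_post page. Raises ValueError rather than
    emitting a form whose action is an unvalidated URI; all values are escaped
    so response parameters (code, state, error) cannot break out of attributes."""
    if not validate_redirect_uri(redirect_uri, registered):
        raise ValueError("redirect_uri is not registered or uses a disallowed scheme")
    fields = "\n".join(
        f'<input type="hidden" name="{escape(k, quote=True)}" value="{escape(v, quote=True)}">'
        for k, v in params.items()
    )
    return (
        '<html><body onload="document.forms[0].submit()">'
        f'<form method="post" action="{escape(redirect_uri, quote=True)}">'
        f"{fields}</form></body></html>"
    )


if __name__ == "__main__":
    # Constructed sample response parameters.
    print(render_form_post("https://app.example.test/callback",
                           {"code": "abc123", "state": "xyz"},
                           REGISTERED_REDIRECT_URIS))
```

The check runs before any HTML is produced, so a rejected URI never reaches the browser; escaping with `quote=True` covers both the form action and the hidden-field values, which is the other half of keeping a form_post page free of reflected script.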
References
- Patch
- Patch
- Mitigation, Third Party Advisory
Vulnerable configurations
Configuration 1
- Version from 2023.8.0 (inclusive) to 2023.8.6 (exclusive)
- Version from 2023.10.0 (inclusive) to 2023.10.6 (exclusive)
One of
cpe:2.3:a:goauthentik:authentik:*:*:*:*:*:*:*:*
cpe:2.3:a:goauthentik:authentik:*:*:*:*:*:*:*:*
EPSS
Percentile: 38%
Score: 0.00164
Low
CVSS3: 7.6 High
CVSS3: 5.4 Medium
Weaknesses
CWE-79