authentik fixed vulnerability in OAuth2 provider allowing malicious redirect URIs
CVE-2024-52289

7.9 HIGH

Key Information:

Status
Vendor
CVE Published: 21 November 2024

What is CVE-2024-52289?

Authentik is an open-source identity provider with a vulnerability in its OAuth2 provider's handling of Redirect URIs. When no Redirect URIs are configured for a provider, authentik defaults to using the first redirect_uri value it receives. That value is then treated as a regular expression, but characters that carry special meaning in regular expressions are not escaped. For instance, an attacker could exploit this flaw by registering a domain such as fooaexample.com, which would erroneously pass the regex validation check against a legitimate redirect_uri such as https://foo.example.com, because an unescaped . matches any single character. This behaviour is not documented adequately, so users may be misled into believing the configured URI is matched literally. To mitigate this vulnerability, users are advised to escape any wildcard characters when configuring OAuth2 providers, for example replacing . with \. in the Redirect URI.
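The following is an added illustration of the check described above, not authentik's own code: it compares a configured redirect URI against an incoming one first as an unescaped regular expression (the weak behaviour) and then with the metacharacters escaped (the mitigation the advisory recommends). The hostnames, paths and function names are constructed for the example.

```python
import re

# Constructed sample values (not taken from authentik): the redirect URI an
# administrator intends to allow, and a look-alike that differs from it only
# where the legitimate URI has a dot.
LEGITIMATE_REDIRECT = "https://foo.example.com/callback"
LOOKALIKE_REDIRECT = "https://fooaexample.com/callback"


def matches_as_raw_regex(allowed: str, candidate: str) -> bool:
    """Weak check: the configured URI is used as a regex without escaping,
    so every '.' in it matches any single character of the candidate."""
    return re.fullmatch(allowed, candidate) is not None


def matches_as_escaped_regex(allowed: str, candidate: str) -> bool:
    """Hardened check: escape regex metacharacters before matching, so '.'
    only matches a literal '.' and the hostname is compared as written."""
    return re.fullmatch(re.escape(allowed), candidate) is not None


def matches_strictly(allowed: str, candidate: str) -> bool:
    """Simplest alternative: plain string equality, no regex semantics."""
    return allowed == candidate


def pattern_for_config(allowed: str) -> str:
    """The value an administrator following the advisory's advice would type
    into the provider's Redirect URI field: every '.' replaced by '\\.'."""
    return allowed.replace(".", r"\.")


if __name__ == "__main__":
    print("raw regex accepts look-alike:   ",
          matches_as_raw_regex(LEGITIMATE_REDIRECT, LOOKALIKE_REDIRECT))
    print("escaped regex accepts look-alike:",
          matches_as_escaped_regex(LEGITIMATE_REDIRECT, LOOKALIKE_REDIRECT))
    print("configured pattern:", pattern_for_config(LEGITIMATE_REDIRECT))
```

Running the block shows the unescaped comparison accepting the look-alike host while both the escaped comparison and the manually escaped configuration value reject it; the manually escaped value still accepts the legitimate URI, which is the behaviour the mitigation is meant to preserve.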

Affected Version(s)

authentik < 2024.8.5

authentik >= 2024.10.0-rc1, < 2024.10.3

References

CVSS V4

Score: 7.9
Severity: HIGH
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Network
Attack Complexity: Low
Attack Requirements: None
Privileges Required: Undefined
User Interaction: None

Timeline

  • Vulnerability published
