CVE-2024-21637

Description

Authentik is an open-source Identity Provider. Authentik is a vulnerable to a reflected Cross-Site Scripting vulnerability via JavaScript-URIs in OpenID Connect flows with response_mode\=form_post. This relatively user could use the described attacks to perform a privilege escalation. This vulnerability has been patched in versions 2023.10.6 and 2023.8.6.

CVSS Version 3.1

nvd
CVE ID: CVE-2024-21637
Base Score: 5.4
Base Severity: MEDIUM
Vector String:CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Impact Score: 2.7
Exploitability Score: 2.3

github
CVE ID: CVE-2024-21637
Base Score: 7.6
Base Severity: HIGH
Vector String:CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H
Impact Score: 6.0
Exploitability Score: 1.0

Refrence: NVD MITRE

Description​

Description