SB2024092798 - Multiple vulnerabilities in authentik
Published: September 27, 2024 Updated: April 23, 2026
Description
This security bulletin contains information about 2 security vulnerabilities.
1) Improper Authentication (CVE-ID: CVE-2024-47070)
The vulnerability allows a remote attacker to bypass authentication and authenticate as any account whose login name or email address is known.
The vulnerability exists because authentication and authorization flows do not correctly handle an X-Forwarded-For header that contains an unparsable IP address. A remote attacker can send a specially crafted request with a malformed X-Forwarded-For header to bypass authentication and authenticate as any account whose login name or email address is known.
Exploitation is possible only when the X-Forwarded-For header is not correctly controlled upstream and policies are bound to authentication or authorization flows.
2) Incorrect authorization (CVE-ID: CVE-2024-47077)
The vulnerability allows a remote user to gain unauthorized access to another application's resources.
The vulnerability exists due to incorrect authorization in the /application/o/introspect/ endpoint when validating bearer tokens during token introspection. A remote user can present an access token issued for one application to impersonate that token's user against a different application and gain unauthorized access to that application's resources.
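As an added, illustrative example (not authentik's own code), the following Python shows the two defensive checks these findings call for: deriving the client IP from X-Forwarded-For in a fail-closed way, so an unparsable hop denies rather than bypasses an IP-bound policy, and an introspection response that only reports a token active to the client it was issued for. The trusted proxy addresses, sample IPs and token records are constructed assumptions.

```python
import ipaddress
from typing import Optional

# Hypothetical trusted reverse-proxy addresses (constructed for this example).
TRUSTED_PROXIES = {ipaddress.ip_address("10.0.0.2")}


def client_ip_from_xff(xff_header: Optional[str], remote_addr: str) -> Optional[str]:
    """Return the client IP derived from X-Forwarded-For, or None if the header
    cannot be trusted. Fails closed: any hop that is not a valid IP address
    makes the whole header unusable instead of being silently skipped."""
    peer = ipaddress.ip_address(remote_addr)
    if peer not in TRUSTED_PROXIES or not xff_header:
        # Direct or untrusted connection, or no header: use the TCP peer.
        return str(peer)
    hops = []
    for raw in xff_header.split(","):
        try:
            hops.append(ipaddress.ip_address(raw.strip()))
        except ValueError:
            return None  # unparsable entry: refuse, do not guess
    # Walk from the right, skipping our own proxies; the first address
    # not under our control is the client.
    for hop in reversed(hops):
        if hop not in TRUSTED_PROXIES:
            return str(hop)
    return str(hops[0])


def policy_allows(xff_header: Optional[str], remote_addr: str, allowed_network: str) -> bool:
    """IP-bound policy check for a flow: deny when the client IP cannot be
    determined, rather than treating the parse error as a pass."""
    ip = client_ip_from_xff(xff_header, remote_addr)
    if ip is None:
        return False
    return ipaddress.ip_address(ip) in ipaddress.ip_network(allowed_network)


def introspect_for_client(token_record: dict, requesting_client_id: str) -> dict:
    """Simplified RFC 7662-style introspection: a token is reported active only
    to the client (application) it was issued for; any other caller sees
    'active: false' and learns nothing about the token's subject."""
    if not token_record.get("active"):
        return {"active": False}
    if token_record.get("client_id") != requesting_client_id:
        return {"active": False}
    return {"active": True, "sub": token_record["sub"], "client_id": requesting_client_id}
```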
Remediation
Install the update from the vendor's website.