What is CVE-2024-21637?

CVE-2024-21637 is a high-severity vulnerability in Goauthentik Authentik, classified under Cross-site Scripting. CVSS score: 7.7/10. Published 2024-01-11.

How severe is CVE-2024-21637?

High severity. CVSS v3 base score is 7.7 out of 10.

XSS in Goauthentik Authentik

CVE-2024-21637

Authentik is an open-source Identity Provider. Authentik is a vulnerable to a reflected Cross-Site Scripting vulnerability via JavaScript-URIs in OpenID Connect flows with `response_mode=form_post`. This relatively user could use the descr…

Vulnerability class: XSS (Cross-Site Scripting)

EPSS: 0.002 (37.1th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.7 (High). Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H.

Affected products

Goauthentik Authentik — versions <= 2023.10.5, <= 2023.8.5

Weakness classification (CWE)

CWE-79 — Cross-site Scripting

References

https://github.com/goauthentik/authentik/security/advisories/GHSA-rjpr-7w8c-gv3j (x_refsource_CONFIRM)
https://github.com/goauthentik/authentik/releases/tag/version%2F2023.10.6 (x_refsource_MISC)
https://github.com/goauthentik/authentik/releases/tag/version%2F2023.8.6 (x_refsource_MISC)

Frequently asked questions

What is CVE-2024-21637?: CVE-2024-21637 is a high-severity vulnerability in Goauthentik Authentik, classified under Cross-site Scripting. CVSS score: 7.7/10. Published 2024-01-11.
How severe is CVE-2024-21637?: High severity. CVSS v3 base score is 7.7 out of 10.