CVE-2024-52289

Nov. 21, 2024, 6:15 p.m.

None
No Score

Description

authentik is an open-source identity provider. Redirect URIs in authentik's OAuth2 provider are validated by regular-expression comparison. When no Redirect URIs are configured in a provider, authentik automatically adopts the first redirect_uri value it receives as an allowed redirect URI, without escaping characters that have a special meaning in a regular expression. The documentation did not take this into consideration either. Given a provider with the Redirect URIs set to https://foo.example.com, an attacker can register the domain fooaexample.com, and it will pass validation because each unescaped `.` matches any single character. authentik 2024.8.5 and 2024.10.3 fix this issue. As a workaround, when configuring OAuth2 providers, make sure to escape any wildcard characters that are not intended to function as a wildcard, for example replace `.` with `\.`.
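The following is an added illustration, not authentik's code: the same allowed-redirect check written the vulnerable way (the configured URI used directly as a pattern) and the hardened way (metacharacters escaped first, which is what the advisory's manual `\.` workaround achieves), plus a small audit helper that flags configured URIs still containing unescaped metacharacters. It assumes a full-string match against the configured value; authentik's actual matching semantics are not stated in the advisory.

```python
import re

# Constructed value standing in for what an administrator would type into the
# provider's Redirect URIs field (example from the advisory).
ALLOWED_REDIRECT = "https://foo.example.com"


def redirect_allowed_unescaped(redirect_uri: str, allowed: str = ALLOWED_REDIRECT) -> bool:
    """Vulnerable form: the configured URI is used verbatim as a regex.
    Each unescaped '.' matches any character, so an unrelated host such as
    https://fooaexample.com satisfies the pattern (CWE-185)."""
    return re.fullmatch(allowed, redirect_uri) is not None


def redirect_allowed_escaped(redirect_uri: str, allowed: str = ALLOWED_REDIRECT) -> bool:
    """Hardened form: escape every regex metacharacter in the configured value
    before compiling, so '.' is matched literally. This is the programmatic
    equivalent of the advisory's workaround of writing '\\.' by hand."""
    return re.fullmatch(re.escape(allowed), redirect_uri) is not None


# Characters that change meaning inside a regular expression.
_REGEX_METACHARS = set(".+*?^$()[]{}|")


def audit_allowed_uris(uris):
    """Defender-side check over a list of configured redirect URIs: return a
    mapping of URI -> sorted list of metacharacters that are not preceded by a
    backslash, i.e. characters that will act as regex syntax rather than as
    literals. Intentional wildcards are reported too, so the operator can
    confirm each hit is deliberate."""
    findings = {}
    for uri in uris:
        unescaped = {
            c for i, c in enumerate(uri)
            if c in _REGEX_METACHARS and (i == 0 or uri[i - 1] != "\\")
        }
        if unescaped:
            findings[uri] = sorted(unescaped)
    return findings


if __name__ == "__main__":
    for candidate in ("https://foo.example.com", "https://fooaexample.com"):
        print(candidate,
              "unescaped:", redirect_allowed_unescaped(candidate),
              "escaped:", redirect_allowed_escaped(candidate))
    print(audit_allowed_uris(["https://foo.example.com", r"https://foo\.example\.com"]))
```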

Product(s) Impacted

Product: authentik
Versions:
  • 2024.8.5
  • 2024.10.3

Weaknesses

Common security weaknesses mapped to this vulnerability.

CWE-185
Incorrect Regular Expression
The product specifies a regular expression in a way that causes data to be improperly matched or compared.

Timeline

Published: Nov. 21, 2024, 6:15 p.m.
Last Modified: Nov. 21, 2024, 6:15 p.m.

Status : Awaiting Analysis

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

security-advisories@github.com
