BIT-authentik-2024-11623

See a problem?

Import Source

https://github.com/bitnami/vulndb/tree/main/data/authentik/BIT-authentik-2024-11623.json

JSON Data

https://api.osv.dev/v1/vulns/BIT-authentik-2024-11623

Aliases

CVE-2024-11623

Published

2026-04-16T23:36:09.282Z

Modified

2026-04-17T04:46:55.827272Z

Summary

Stored XSS in authentik

Details

Authentik project is vulnerable to Stored XSS attacks through uploading crafted SVG files that are used as application icons. This action could only be performed by an authenticated admin user. The issue was fixed in 2024.10.4 release.

Database specific

{
    "cpes": [
        "cpe:2.3:a:goauthentik:authentik:*:*:*:*:*:*:*:*"
    ],
    "severity": "Medium"
}

References

Affected packages

Bitnami / authentik

Package

Name: authentik
Purl: pkg:bitnami/authentik

Severity

4.8 (Medium) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X CVSS Calculator

Affected ranges

Type: SEMVER
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2024.10.4

Database specific

source

"https://github.com/bitnami/vulndb/tree/main/data/authentik/BIT-authentik-2024-11623.json"