CVE-2022-46145

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2022-46145

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-46145.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2022-46145

Related

GHSA-mjfw-54m5-fvjf

Published

2022-12-02T18:15:12Z

Modified

2025-01-14T11:17:37.191281Z

Severity

9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

authentik is an open-source identity provider. Versions prior to 2022.11.2 and 2022.10.2 are vulnerable to unauthorized user creation and potential account takeover. With the default flows, unauthenticated users can create new accounts in authentik. If a flow exists that allows for email-verified password recovery, this can be used to overwrite the email address of admin accounts and take over their accounts. authentik 2022.11.2 and 2022.10.2 fix this issue. As a workaround, a policy can be created and bound to the default-user-settings-flow flow with the contents return request.user.is_authenticated.

References

Affected packages

Git / github.com/goauthentik/authentik

Affected ranges

Type: GIT
Repo: https://github.com/goauthentik/authentik
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

a2621716714ed4aa3a3b2f772e8edfeb36b36f46

Affected versions

version/0.*

version/0.0.10-alpha

version/0.0.11-alpha

version/0.0.12-alpha

version/0.0.13-alpha

version/0.0.2-alpha

version/0.0.3-alpha

version/0.0.4-alpha

version/0.0.5-alpha

version/0.0.6-alpha

version/0.0.7-alpha

version/0.0.8-alpha

version/0.0.9-alpha

version/0.1.0-beta

version/0.1.1-beta

version/0.1.10-beta

version/0.1.11-beta

version/0.1.12-beta

version/0.1.13-beta

version/0.1.14-beta

version/0.1.15-beta

version/0.1.16-beta

version/0.1.17-beta

version/0.1.18-beta

version/0.1.19-beta

version/0.1.2-beta

version/0.1.20-beta

version/0.1.21-beta

version/0.1.22-beta

version/0.1.23-beta

version/0.1.24-beta

version/0.1.25-beta

version/0.1.26-beta

version/0.1.27-beta

version/0.1.28-beta

version/0.1.29-beta

version/0.1.3-beta

version/0.1.30-beta

version/0.1.31-beta

version/0.1.32-beta

version/0.1.33-beta

version/0.1.34-beta

version/0.1.35-beta

version/0.1.36-beta

version/0.1.37-beta

version/0.1.38-beta

version/0.1.4-beta

version/0.1.5-beta

version/0.1.6-beta

version/0.1.7-beta

version/0.1.8-beta

version/0.1.9-beta

version/0.10.0-rc1

version/0.10.0-rc2

version/0.10.0-rc3

version/0.10.0-rc4

version/0.10.0-rc5

version/0.10.0-rc6

version/0.10.0-stable

version/0.10.1-stable

version/0.10.2-stable

version/0.10.3-stable

version/0.10.4-stable

version/0.10.5-stable

version/0.10.6-stable

version/0.10.7-stable

version/0.10.8-stable

version/0.10.9-stable

version/0.11.0-stable

version/0.12.0-stable

version/0.12.1-stable

version/0.12.10-stable

version/0.12.11-stable

version/0.12.2-stable

version/0.12.3-stable

version/0.12.4-stable

version/0.12.5-stable

version/0.12.6-stable

version/0.12.7-stable

version/0.12.8-stable

version/0.12.9-stable

version/0.13.0-rc1

version/0.13.0-rc2

version/0.13.0-rc3

version/0.13.0-rc4

version/0.13.0-stable

version/0.13.1-stable

version/0.13.2-stable

version/0.13.3-stable

version/0.2.0-beta

version/0.2.1-beta

version/0.2.2-beta

version/0.2.3-beta

version/0.2.4-beta

version/0.2.5-beta

version/0.2.6-beta

version/0.2.7-beta

version/0.2.8-beta

version/0.3.0-beta

version/0.4.0-beta

version/0.4.1-beta

version/0.4.2-beta

version/0.5.0-beta

version/0.6.0-beta

version/0.6.1-beta

version/0.6.10-beta

version/0.6.11-beta

version/0.6.2-beta

version/0.6.3-beta

version/0.6.4-beta

version/0.6.5-beta

version/0.6.6-beta

version/0.6.7-beta

version/0.6.8-beta

version/0.6.9-beta

version/0.7.0-beta

version/0.7.1-beta

version/0.7.10-beta

version/0.7.11-beta

version/0.7.12-beta

version/0.7.13-beta

version/0.7.14-beta

version/0.7.15-beta

version/0.7.16-beta

version/0.7.17-beta

version/0.7.2-beta

version/0.7.3-beta

version/0.7.4-beta

version/0.7.5-beta

version/0.7.6-beta

version/0.7.7-beta

version/0.7.8-beta

version/0.7.9-beta

version/0.8.0-beta

version/0.8.1-beta

version/0.8.10-beta

version/0.8.11-beta

version/0.8.12-beta

version/0.8.14-beta

version/0.8.15-beta

version/0.8.2-beta

version/0.8.3-beta

version/0.8.4-beta

version/0.8.5-beta

version/0.8.6-beta

version/0.8.7-beta

version/0.8.8-beta

version/0.8.9-beta

version/0.9.0-pre1

version/0.9.0-pre2

version/0.9.0-pre3

version/0.9.0-pre4

version/0.9.0-pre5

version/0.9.0-pre6

version/0.9.0-pre7

version/0.9.0-rc1

version/0.9.0-rc2

version/0.9.0-stable

version/2021.*

version/2021.1.1-rc1

version/2021.1.1-rc2

version/2021.1.1-stable

version/2021.1.2-stable

version/2021.1.3-stable

version/2021.1.4-stable

version/2021.10.1

version/2021.10.1-rc1

version/2021.10.1-rc2

version/2021.10.1-rc3

version/2021.10.2

version/2021.10.3

version/2021.10.4

version/2021.12.1

version/2021.12.1-rc1

version/2021.12.1-rc2

version/2021.12.1-rc3

version/2021.12.1-rc4

version/2021.12.1-rc5

version/2021.12.2

version/2021.12.3

version/2021.12.4

version/2021.12.5

version/2021.2.1-rc1

version/2021.2.1-rc2

version/2021.2.1-stable

version/2021.2.2-stable

version/2021.2.3-stable

version/2021.2.4-stable

version/2021.2.5-stable

version/2021.2.6-stable

version/2021.3.1

version/2021.3.1-rc1

version/2021.3.1-rc2

version/2021.3.2

version/2021.3.3

version/2021.3.4

version/2021.4.1

version/2021.4.1-rc1

version/2021.4.1-rc2

version/2021.4.2

version/2021.4.3

version/2021.4.4

version/2021.4.5

version/2021.5.1

version/2021.5.1-rc1

version/2021.5.1-rc10

version/2021.5.1-rc2

version/2021.5.1-rc3

version/2021.5.1-rc4

version/2021.5.1-rc5

version/2021.5.1-rc6

version/2021.5.1-rc7

version/2021.5.1-rc8

version/2021.5.1-rc9

version/2021.5.2

version/2021.5.3

version/2021.5.4

version/2021.6.1

version/2021.6.1-rc1

version/2021.6.1-rc2

version/2021.6.1-rc3

version/2021.6.1-rc4

version/2021.6.1-rc5

version/2021.6.1-rc6

version/2021.6.2

version/2021.6.3

version/2021.6.4

version/2021.7.1

version/2021.7.1-rc1

version/2021.7.1-rc2

version/2021.7.2

version/2021.7.3

version/2021.8.1

version/2021.8.1-rc1

version/2021.8.1-rc2

version/2021.8.2

version/2021.8.3

version/2021.8.4

version/2021.9.1

version/2021.9.1-rc1

version/2021.9.1-rc2

version/2021.9.1-rc3

version/2021.9.2

version/2021.9.3

version/2021.9.4

version/2021.9.5

version/2021.9.6

version/2021.9.7

version/2021.9.8

version/2022.*

version/2022.1.1

version/2022.1.2

version/2022.1.3

version/2022.1.4

version/2022.1.5

version/2022.10.0

version/2022.10.1

version/2022.2.1

version/2022.3.1

version/2022.3.2

version/2022.3.3

version/2022.4.1

version/2022.5.1

version/2022.5.2

version/2022.5.3

version/2022.6.1

version/2022.6.2

version/2022.6.3

version/2022.7.1

version/2022.7.2

version/2022.7.3

version/2022.8.1

version/2022.8.2

version/2022.9.0