CVE-2022-46145

Source
https://nvd.nist.gov/vuln/detail/CVE-2022-46145
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-46145.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2022-46145
Aliases
  • GHSA-mjfw-54m5-fvjf
Published
2022-12-02T18:15:12Z
Modified
2024-05-30T03:53:08.604770Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
[none]
Details

authentik is an open-source identity provider. Versions prior to 2022.11.2 and 2022.10.2 are vulnerable to unauthorized user creation and potential account takeover. With the default flows, unauthenticated users can create new accounts in authentik. If a flow exists that allows for email-verified password recovery, this can be used to overwrite the email address of admin accounts and take over their accounts. authentik 2022.11.2 and 2022.10.2 fix this issue. As a workaround, a policy can be created and bound to the default-user-settings-flow flow with the contents return request.user.is_authenticated.

References

Affected packages

Git / github.com/goauthentik/authentik

Affected ranges

Type
GIT
Repo
https://github.com/goauthentik/authentik
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed

Affected versions

version/0.*

version/0.0.10-alpha
version/0.0.11-alpha
version/0.0.12-alpha
version/0.0.13-alpha
version/0.0.2-alpha
version/0.0.3-alpha
version/0.0.4-alpha
version/0.0.5-alpha
version/0.0.6-alpha
version/0.0.7-alpha
version/0.0.8-alpha
version/0.0.9-alpha
version/0.1.0-beta
version/0.1.1-beta
version/0.1.10-beta
version/0.1.11-beta
version/0.1.12-beta
version/0.1.13-beta
version/0.1.14-beta
version/0.1.15-beta
version/0.1.16-beta
version/0.1.17-beta
version/0.1.18-beta
version/0.1.19-beta
version/0.1.2-beta
version/0.1.20-beta
version/0.1.21-beta
version/0.1.22-beta
version/0.1.23-beta
version/0.1.24-beta
version/0.1.25-beta
version/0.1.26-beta
version/0.1.27-beta
version/0.1.28-beta
version/0.1.29-beta
version/0.1.3-beta
version/0.1.30-beta
version/0.1.31-beta
version/0.1.32-beta
version/0.1.33-beta
version/0.1.34-beta
version/0.1.35-beta
version/0.1.36-beta
version/0.1.37-beta
version/0.1.38-beta
version/0.1.4-beta
version/0.1.5-beta
version/0.1.6-beta
version/0.1.7-beta
version/0.1.8-beta
version/0.1.9-beta
version/0.10.0-rc1
version/0.10.0-rc2
version/0.10.0-rc3
version/0.10.0-rc4
version/0.10.0-rc5
version/0.10.0-rc6
version/0.10.0-stable
version/0.10.1-stable
version/0.10.2-stable
version/0.10.3-stable
version/0.10.4-stable
version/0.10.5-stable
version/0.10.6-stable
version/0.10.7-stable
version/0.10.8-stable
version/0.10.9-stable
version/0.11.0-stable
version/0.12.0-stable
version/0.12.1-stable
version/0.12.10-stable
version/0.12.11-stable
version/0.12.2-stable
version/0.12.3-stable
version/0.12.4-stable
version/0.12.5-stable
version/0.12.6-stable
version/0.12.7-stable
version/0.12.8-stable
version/0.12.9-stable
version/0.13.0-rc1
version/0.13.0-rc2
version/0.13.0-rc3
version/0.13.0-rc4
version/0.13.0-stable
version/0.13.1-stable
version/0.13.2-stable
version/0.13.3-stable
version/0.2.0-beta
version/0.2.1-beta
version/0.2.2-beta
version/0.2.3-beta
version/0.2.4-beta
version/0.2.5-beta
version/0.2.6-beta
version/0.2.7-beta
version/0.2.8-beta
version/0.3.0-beta
version/0.4.0-beta
version/0.4.1-beta
version/0.4.2-beta
version/0.5.0-beta
version/0.6.0-beta
version/0.6.1-beta
version/0.6.10-beta
version/0.6.11-beta
version/0.6.2-beta
version/0.6.3-beta
version/0.6.4-beta
version/0.6.5-beta
version/0.6.6-beta
version/0.6.7-beta
version/0.6.8-beta
version/0.6.9-beta
version/0.7.0-beta
version/0.7.1-beta
version/0.7.10-beta
version/0.7.11-beta
version/0.7.12-beta
version/0.7.13-beta
version/0.7.14-beta
version/0.7.15-beta
version/0.7.16-beta
version/0.7.17-beta
version/0.7.2-beta
version/0.7.3-beta
version/0.7.4-beta
version/0.7.5-beta
version/0.7.6-beta
version/0.7.7-beta
version/0.7.8-beta
version/0.7.9-beta
version/0.8.0-beta
version/0.8.1-beta
version/0.8.10-beta
version/0.8.11-beta
version/0.8.12-beta
version/0.8.14-beta
version/0.8.15-beta
version/0.8.2-beta
version/0.8.3-beta
version/0.8.4-beta
version/0.8.5-beta
version/0.8.6-beta
version/0.8.7-beta
version/0.8.8-beta
version/0.8.9-beta
version/0.9.0-pre1
version/0.9.0-pre2
version/0.9.0-pre3
version/0.9.0-pre4
version/0.9.0-pre5
version/0.9.0-pre6
version/0.9.0-pre7
version/0.9.0-rc1
version/0.9.0-rc2
version/0.9.0-stable

version/2021.*

version/2021.1.1-rc1
version/2021.1.1-rc2
version/2021.1.1-stable
version/2021.1.2-stable
version/2021.1.3-stable
version/2021.1.4-stable
version/2021.10.1
version/2021.10.1-rc1
version/2021.10.1-rc2
version/2021.10.1-rc3
version/2021.10.2
version/2021.10.3
version/2021.10.4
version/2021.12.1
version/2021.12.1-rc1
version/2021.12.1-rc2
version/2021.12.1-rc3
version/2021.12.1-rc4
version/2021.12.1-rc5
version/2021.12.2
version/2021.12.3
version/2021.12.4
version/2021.12.5
version/2021.2.1-rc1
version/2021.2.1-rc2
version/2021.2.1-stable
version/2021.2.2-stable
version/2021.2.3-stable
version/2021.2.4-stable
version/2021.2.5-stable
version/2021.2.6-stable
version/2021.3.1
version/2021.3.1-rc1
version/2021.3.1-rc2
version/2021.3.2
version/2021.3.3
version/2021.3.4
version/2021.4.1
version/2021.4.1-rc1
version/2021.4.1-rc2
version/2021.4.2
version/2021.4.3
version/2021.4.4
version/2021.4.5
version/2021.5.1
version/2021.5.1-rc1
version/2021.5.1-rc10
version/2021.5.1-rc2
version/2021.5.1-rc3
version/2021.5.1-rc4
version/2021.5.1-rc5
version/2021.5.1-rc6
version/2021.5.1-rc7
version/2021.5.1-rc8
version/2021.5.1-rc9
version/2021.5.2
version/2021.5.3
version/2021.5.4
version/2021.6.1
version/2021.6.1-rc1
version/2021.6.1-rc2
version/2021.6.1-rc3
version/2021.6.1-rc4
version/2021.6.1-rc5
version/2021.6.1-rc6
version/2021.6.2
version/2021.6.3
version/2021.6.4
version/2021.7.1
version/2021.7.1-rc1
version/2021.7.1-rc2
version/2021.7.2
version/2021.7.3
version/2021.8.1
version/2021.8.1-rc1
version/2021.8.1-rc2
version/2021.8.2
version/2021.8.3
version/2021.8.4
version/2021.9.1
version/2021.9.1-rc1
version/2021.9.1-rc2
version/2021.9.1-rc3
version/2021.9.2
version/2021.9.3
version/2021.9.4
version/2021.9.5
version/2021.9.6
version/2021.9.7
version/2021.9.8

version/2022.*

version/2022.1.1
version/2022.1.2
version/2022.1.3
version/2022.1.4
version/2022.1.5
version/2022.10.0
version/2022.10.1
version/2022.2.1
version/2022.3.1
version/2022.3.2
version/2022.3.3
version/2022.4.1
version/2022.5.1
version/2022.5.2
version/2022.5.3
version/2022.6.1
version/2022.6.2
version/2022.6.3
version/2022.7.1
version/2022.7.2
version/2022.7.3
version/2022.8.1
version/2022.8.2
version/2022.9.0