CVE-2024-47077

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2024-47077
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-47077.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2024-47077
Aliases
Published
2024-09-27T15:26:20.683Z
Modified
2026-04-17T04:57:14.627101381Z
Severity
  • 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N CVSS Calculator
Summary
authentik cross-provider token validation problems
Details

authentik is an open-source identity provider. Prior to versions 2024.8.3 and 2024.6.5, access tokens issued to one application can be stolen by that application and used to impersonate the user against any other proxy provider. Also, a user can steal an access token they were legitimately issued for one application and use it to access another application that they aren't allowed to access. Anyone who has more than one proxy provider application with different trust domains or different access control is affected. Versions 2024.8.3 and 2024.6.5 fix the issue.

Database specific 
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/47xxx/CVE-2024-47077.json",
    "cwe_ids": [
        "CWE-863"
    ],
    "cna_assigner": "GitHub_M"
}
References

Affected packages

Git / github.com/goauthentik/authentik

Affected ranges

Type
GIT
Repo
https://github.com/goauthentik/authentik
Events
Introduced
ec13a5d84dc0db64888ab49deea9fd9c546f2b52
Fixed
91d2445c61da49026f76dceb7f5b524e30335a42
Database specific 
{
    "versions": [
        {
            "introduced": "2024.8.0-rc1"
        },
        {
            "fixed": "2024.8.3"
        }
    ]
}
Type
GIT
Repo
https://github.com/goauthentik/authentik
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
8469213d82243b24049b2b83e8f0a9421a42eec7
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "2024.6.5"
        }
    ]
}

Affected versions

version/0.*
version/0.0.10-alpha
version/0.0.11-alpha
version/0.0.12-alpha
version/0.0.13-alpha
version/0.0.2-alpha
version/0.0.3-alpha
version/0.0.4-alpha
version/0.0.5-alpha
version/0.0.6-alpha
version/0.0.7-alpha
version/0.0.8-alpha
version/0.0.9-alpha
version/0.1.0-beta
version/0.1.1-beta
version/0.1.10-beta
version/0.1.11-beta
version/0.1.12-beta
version/0.1.13-beta
version/0.1.14-beta
version/0.1.15-beta
version/0.1.16-beta
version/0.1.17-beta
version/0.1.18-beta
version/0.1.19-beta
version/0.1.2-beta
version/0.1.20-beta
version/0.1.21-beta
version/0.1.22-beta
version/0.1.23-beta
version/0.1.24-beta
version/0.1.25-beta
version/0.1.26-beta
version/0.1.27-beta
version/0.1.28-beta
version/0.1.29-beta
version/0.1.3-beta
version/0.1.30-beta
version/0.1.31-beta
version/0.1.32-beta
version/0.1.33-beta
version/0.1.34-beta
version/0.1.35-beta
version/0.1.36-beta
version/0.1.37-beta
version/0.1.38-beta
version/0.1.4-beta
version/0.1.5-beta
version/0.1.6-beta
version/0.1.7-beta
version/0.1.8-beta
version/0.1.9-beta
version/0.10.0-rc1
version/0.10.0-rc2
version/0.10.0-rc3
version/0.10.0-rc4
version/0.10.0-rc5
version/0.10.0-rc6
version/0.10.0-stable
version/0.10.1-stable
version/0.10.2-stable
version/0.10.3-stable
version/0.10.4-stable
version/0.10.5-stable
version/0.10.6-stable
version/0.10.7-stable
version/0.10.8-stable
version/0.10.9-stable
version/0.11.0-stable
version/0.12.0-stable
version/0.12.1-stable
version/0.12.10-stable
version/0.12.11-stable
version/0.12.2-stable
version/0.12.3-stable
version/0.12.4-stable
version/0.12.5-stable
version/0.12.6-stable
version/0.12.7-stable
version/0.12.8-stable
version/0.12.9-stable
version/0.13.0-rc1
version/0.13.0-rc2
version/0.13.0-rc3
version/0.13.0-rc4
version/0.13.0-stable
version/0.13.1-stable
version/0.13.2-stable
version/0.13.3-stable
version/0.2.0-beta
version/0.2.1-beta
version/0.2.2-beta
version/0.2.3-beta
version/0.2.4-beta
version/0.2.5-beta
version/0.2.6-beta
version/0.2.7-beta
version/0.2.8-beta
version/0.3.0-beta
version/0.4.0-beta
version/0.4.1-beta
version/0.4.2-beta
version/0.5.0-beta
version/0.6.0-beta
version/0.6.1-beta
version/0.6.2-beta
version/0.6.3-beta
version/0.7.0-beta
version/0.7.1-beta
version/0.7.10-beta
version/0.7.11-beta
version/0.7.12-beta
version/0.7.13-beta
version/0.7.14-beta
version/0.7.15-beta
version/0.7.16-beta
version/0.7.17-beta
version/0.7.2-beta
version/0.7.3-beta
version/0.7.4-beta
version/0.7.5-beta
version/0.7.6-beta
version/0.7.7-beta
version/0.7.8-beta
version/0.7.9-beta
version/0.8.0-beta
version/0.8.1-beta
version/0.8.10-beta
version/0.8.11-beta
version/0.8.12-beta
version/0.8.14-beta
version/0.8.15-beta
version/0.8.2-beta
version/0.8.3-beta
version/0.8.4-beta
version/0.8.5-beta
version/0.8.6-beta
version/0.8.7-beta
version/0.8.8-beta
version/0.8.9-beta
version/0.9.0-pre1
version/0.9.0-pre2
version/0.9.0-pre3
version/0.9.0-pre4
version/0.9.0-pre5
version/0.9.0-pre6
version/0.9.0-pre7
version/0.9.0-rc1
version/0.9.0-rc2
version/0.9.0-stable
version/2021.*
version/2021.1.1-rc1
version/2021.1.1-rc2
version/2021.1.1-stable
version/2021.1.2-stable
version/2021.1.3-stable
version/2021.10.1-rc3
version/2021.10.3
version/2021.10.4
version/2021.12.1
version/2021.12.1-rc1
version/2021.12.1-rc2
version/2021.12.1-rc3
version/2021.12.1-rc4
version/2021.12.1-rc5
version/2021.12.2
version/2021.12.3
version/2021.12.4
version/2021.12.5
version/2021.2.2-stable
version/2021.2.3-stable
version/2021.3.1
version/2021.3.1-rc1
version/2021.3.1-rc2
version/2021.3.2
version/2021.3.3
version/2021.3.4
version/2021.4.1
version/2021.4.1-rc1
version/2021.4.1-rc2
version/2021.5.1
version/2021.5.1-rc10
version/2021.5.1-rc8
version/2021.5.1-rc9
version/2021.5.2
version/2021.6.1
version/2021.6.1-rc1
version/2021.6.1-rc2
version/2021.6.1-rc3
version/2021.6.1-rc4
version/2021.6.3
version/2021.6.4
version/2021.7.1
version/2021.7.1-rc1
version/2021.8.1
version/2021.8.1-rc2
version/2021.8.2
version/2021.8.3
version/2021.8.4
version/2021.9.1
version/2021.9.1-rc1
version/2021.9.1-rc2
version/2021.9.1-rc3
version/2021.9.2
version/2021.9.3
version/2022.*
version/2022.1.1
version/2022.1.3
version/2022.1.4
version/2022.10.1
version/2022.12.0
version/2022.12.1
version/2022.2.1
version/2022.3.3
version/2022.4.1
version/2022.5.1
version/2022.5.2
version/2022.6.2
version/2022.7.2
version/2022.8.1
version/2022.8.2
version/2022.9.0
version/2023.*
version/2023.10.0
version/2023.2.1
version/2023.5.1
version/2023.6.0
version/2023.8.0
version/2023.8.1
version/2023.8.2
version/2024.*
version/2024.6.0
version/2024.6.0-rc1
version/2024.6.0-rc2
version/2024.6.1
version/2024.6.2
version/2024.6.3
version/2024.6.4
version/2024.8.0
version/2024.8.0-rc1
version/2024.8.0-rc2
version/2024.8.1
version/2024.8.2

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-47077.json"