CVE-2024-47070

CRITICAL · EPSS 41.7%
Published Sep 27, 2024 · Modified Jun 17, 2026
CVSS 3.1 base score 9.0 (Critical)

Description

authentik is an open-source identity provider. A vulnerability in versions prior to 2024.8.3 and 2024.6.5 allows bypassing password login by adding an X-Forwarded-For header with an unparsable IP address, e.g. `a`. This makes it possible to log into any account whose login name or email address is known. The vulnerability requires the authentik instance to trust the X-Forwarded-For header supplied by the attacker, so it is not reproducible from external hosts in a properly configured environment where the reverse proxy overwrites that header. The issue occurs because the password stage has a policy bound to it which skips the password stage when the Identification stage is set up to also contain a password stage. Because the invalid X-Forwarded-For header is not validated as an IP address early enough, the exception is raised later, during policy evaluation, and the policy fails. The default blueprint does not set `failure_result` to `True` on the policy binding, so on this exception the policy returns false and the password stage is skipped: the policy fails open. Versions 2024.8.3 and 2024.6.5 fix this issue.
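The fail-open policy evaluation the description walks through, as an added illustration that is not authentik's own code nor the fix commits: the request model, `PolicyBinding`, `evaluate_binding`, `plan_stages`, `password_stage_needed` and `validate_xff_at_ingress` are hypothetical stand-ins for the flow executor and the expression policy the advisory describes, and the sample requests are constructed. The only real library call is `ipaddress.ip_address`, which raises `ValueError` for a value like `a`. The block contrasts the default binding (`failure_result=False`) with a fail-closed one and with validating the header at ingress, and shows why the bypass only works when the header is trusted.

```python
import ipaddress
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Optional


@dataclass
class Request:
    """Minimal stand-in for the HTTP request seen by the flow executor."""
    headers: Dict[str, str]
    remote_addr: str
    trust_xff: bool            # does the instance trust X-Forwarded-For from this peer?
    context: Dict[str, object] = field(default_factory=dict)


def client_ip(req: Request) -> str:
    """Resolve the client IP. Mirrors the lazy parsing the advisory describes:
    a malformed X-Forwarded-For is only parsed here, inside policy evaluation,
    not when the request arrives."""
    if req.trust_xff and "X-Forwarded-For" in req.headers:
        candidate = req.headers["X-Forwarded-For"].split(",")[0].strip()
    else:
        candidate = req.remote_addr
    return str(ipaddress.ip_address(candidate))   # raises ValueError on "a"


def password_stage_needed(req: Request) -> bool:
    """Hypothetical policy bound to the password stage: keep the stage unless
    the identification stage already checked the password. Touching the
    client IP (e.g. for logging) is what makes it raise on bad input."""
    client_ip(req)
    return not req.context.get("password_checked_by_identification", False)


@dataclass
class PolicyBinding:
    policy: Callable[[Request], bool]
    failure_result: bool       # value returned when the policy raises


def evaluate_binding(binding: PolicyBinding, req: Request) -> bool:
    """Evaluate a bound policy; an exception yields failure_result, which is
    the fail-open (False) vs fail-closed (True) switch from the advisory."""
    try:
        return binding.policy(req)
    except Exception:  # any policy error, including the ValueError from client_ip
        return binding.failure_result


def plan_stages(req: Request, binding: PolicyBinding) -> List[str]:
    """Stage list for the login flow: the password stage is kept only when
    its bound policy evaluates to True."""
    stages = ["identification"]
    if evaluate_binding(binding, req):
        stages.append("password")
    return stages


def validate_xff_at_ingress(req: Request) -> Optional[str]:
    """Fix-side check: parse the client IP before any policy runs and reject
    the request outright, so a malformed header never reaches a policy."""
    try:
        client_ip(req)
    except ValueError as exc:
        return f"400 Bad Request: {exc}"
    return None


def make_request(xff: Optional[str], trust_xff: bool = True) -> Request:
    """Constructed sample request; 10.0.0.5 stands in for the proxy's address."""
    headers = {"X-Forwarded-For": xff} if xff is not None else {}
    return Request(headers=headers, remote_addr="10.0.0.5", trust_xff=trust_xff)


VULNERABLE = PolicyBinding(password_stage_needed, failure_result=False)  # default blueprint
HARDENED = PolicyBinding(password_stage_needed, failure_result=True)     # fail closed

if __name__ == "__main__":
    print(plan_stages(make_request("203.0.113.9"), VULNERABLE))        # ['identification', 'password']
    print(plan_stages(make_request("a"), VULNERABLE))                  # ['identification']  (bypass)
    print(plan_stages(make_request("a"), HARDENED))                    # ['identification', 'password']
    print(plan_stages(make_request("a", trust_xff=False), VULNERABLE)) # ['identification', 'password']
    print(validate_xff_at_ingress(make_request("a")))                  # 400 Bad Request: ...
```

Two things to take from the runs: with the header untrusted the malformed value is never parsed, which is why the advisory limits the impact to misconfigured deployments; and either setting `failure_result` to `True` or validating the header before policies run closes the bypass, with the ingress check being the stronger fix because it does not depend on every binding being configured correctly.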

CVSS Details

Base Score
9.0
Exploitability
2.2
Impact
6.0
Vector string
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
Attack Vector Network
Attack Complexity High
Privileges Required None
User Interaction None
Scope Changed
Confidentiality High
Integrity High
Availability High

Threat Intelligence

EPSS Exploit Probability
41.7% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 1

CWE-287 Improper Authentication

Affected Products 2

Vendor       Product     Version Range
goauthentik  authentik   < 2024.6.5
goauthentik  authentik   ≥ 2024.8.0 and < 2024.8.3

References 3

  • github.com https://github.com/goauthentik/authentik/commit/78f7b04d5a62b2a9d4316282a713c2c7857dbe29
    Patch
  • github.com https://github.com/goauthentik/authentik/commit/dd8f809161e738b25765797eb2a5c77a7d3fc2cf
    Patch
  • github.com https://github.com/goauthentik/authentik/security/advisories/GHSA-7jxf-mmg9-9hg7
    Vendor Advisory

Remediation

  • github.com https://github.com/goauthentik/authentik/commit/78f7b04d5a62b2a9d4316282a713c2c7857dbe29
    Patch
  • github.com https://github.com/goauthentik/authentik/commit/dd8f809161e738b25765797eb2a5c77a7d3fc2cf
    Patch