CVE-2024-21637 - Vulnerability Details - OpenCVE

Authentik is an open-source Identity Provider. Authentik is a vulnerable to a reflected Cross-Site Scripting vulnerability via JavaScript-URIs in OpenID Connect flows with `response_mode=form_post`. This relatively user could use the described attacks to perform a privilege escalation. This vulnerability has been patched in versions 2023.10.6 and 2023.8.6.

No CVSS v4.0

Attack Vector Network

Attack Complexity High

Privileges Required High

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Goauthentik	Authentik

Configuration 1 [-]

OR	cpe:2.3:a:goauthentik:authentik::::::::
	cpe:2.3:a:goauthentik:authentik::::::::

No data.

References

Link	Providers
https://github.com/goauthentik/authentik/releases/tag/version%2F2023.10.6
https://github.com/goauthentik/authentik/releases/tag/version%2F2023.8.6
https://github.com/goauthentik/authentik/security/advisories/GHSA-rjpr-7w8c-gv3j

History

Tue, 17 Jun 2025 21:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2024-01-11T05:49:44.123Z

Updated: 2025-06-17T21:09:15.907Z

Reserved: 2023-12-29T03:00:44.957Z

Link: CVE-2024-21637

Vulnrichment

Updated: 2025-06-17T21:06:54.961Z

NVD

Status : Modified

Published: 2024-01-11T06:15:43.787

Modified: 2024-11-21T08:54:46.537

Link: CVE-2024-21637

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-21637", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2023-12-29T03:00:44.957Z", "datePublished": "2024-01-11T05:49:44.123Z", "dateUpdated": "2025-06-17T21:09:15.907Z"}, "containers": {"cna": {"title": "XSS in Authentik via JavaScript-URI as Redirect URI and form_post Response Mode", "problemTypes": [{"descriptions": [{"cweId": "CWE-79", "lang": "en", "description": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.7, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H", "version": "3.1"}}], "references": [{"name": "https://github.com/goauthentik/authentik/security/advisories/GHSA-rjpr-7w8c-gv3j", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/goauthentik/authentik/security/advisories/GHSA-rjpr-7w8c-gv3j"}, {"name": "https://github.com/goauthentik/authentik/releases/tag/version%2F2023.10.6", "tags": ["x_refsource_MISC"], "url": "https://github.com/goauthentik/authentik/releases/tag/version%2F2023.10.6"}, {"name": "https://github.com/goauthentik/authentik/releases/tag/version%2F2023.8.6", "tags": ["x_refsource_MISC"], "url": "https://github.com/goauthentik/authentik/releases/tag/version%2F2023.8.6"}], "affected": [{"vendor": "goauthentik", "product": "authentik", "versions": [{"version": "<= 2023.10.5", "status": "affected"}, {"version": "<= 2023.8.5", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2024-01-11T05:49:44.123Z"}, "descriptions": [{"lang": "en", "value": "Authentik is an open-source Identity Provider. Authentik is a vulnerable to a reflected Cross-Site Scripting vulnerability via JavaScript-URIs in OpenID Connect flows with `response_mode=form_post`. This relatively user could use the described attacks to perform a privilege escalation. This vulnerability has been patched in versions 2023.10.6 and 2023.8.6."}], "source": {"advisory": "GHSA-rjpr-7w8c-gv3j", "discovery": "UNKNOWN"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T22:27:36.087Z"}, "title": "CVE Program Container", "references": [{"name": "https://github.com/goauthentik/authentik/security/advisories/GHSA-rjpr-7w8c-gv3j", "tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/goauthentik/authentik/security/advisories/GHSA-rjpr-7w8c-gv3j"}, {"name": "https://github.com/goauthentik/authentik/releases/tag/version%2F2023.10.6", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/goauthentik/authentik/releases/tag/version%2F2023.10.6"}, {"name": "https://github.com/goauthentik/authentik/releases/tag/version%2F2023.8.6", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/goauthentik/authentik/releases/tag/version%2F2023.8.6"}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-21637", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-01-11T15:41:43.872045Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-06-17T21:09:15.907Z"}}]}}

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-21637", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2023-12-29T03:00:44.957Z", "datePublished": "2024-01-11T05:49:44.123Z", "dateUpdated": "2024-08-01T22:27:36.087Z"}, "containers": {"cna": {"title": "XSS in Authentik via JavaScript-URI as Redirect URI and form_post Response Mode", "problemTypes": [{"descriptions": [{"cweId": "CWE-79", "lang": "en", "description": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.7, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H", "version": "3.1"}}], "references": [{"name": "https://github.com/goauthentik/authentik/security/advisories/GHSA-rjpr-7w8c-gv3j", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/goauthentik/authentik/security/advisories/GHSA-rjpr-7w8c-gv3j"}, {"name": "https://github.com/goauthentik/authentik/releases/tag/version%2F2023.10.6", "tags": ["x_refsource_MISC"], "url": "https://github.com/goauthentik/authentik/releases/tag/version%2F2023.10.6"}, {"name": "https://github.com/goauthentik/authentik/releases/tag/version%2F2023.8.6", "tags": ["x_refsource_MISC"], "url": "https://github.com/goauthentik/authentik/releases/tag/version%2F2023.8.6"}], "affected": [{"vendor": "goauthentik", "product": "authentik", "versions": [{"version": "<= 2023.10.5", "status": "affected"}, {"version": "<= 2023.8.5", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2024-01-11T05:49:44.123Z"}, "descriptions": [{"lang": "en", "value": "Authentik is an open-source Identity Provider. Authentik is a vulnerable to a reflected Cross-Site Scripting vulnerability via JavaScript-URIs in OpenID Connect flows with `response_mode=form_post`. This relatively user could use the described attacks to perform a privilege escalation. This vulnerability has been patched in versions 2023.10.6 and 2023.8.6."}], "source": {"advisory": "GHSA-rjpr-7w8c-gv3j", "discovery": "UNKNOWN"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-21637", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-01-11T15:41:43.872045Z"}}}], "providerMetadata": {"shortName": "CISA-ADP", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "dateUpdated": "2025-06-17T21:06:54.961Z"}, "title": "CISA ADP Vulnrichment"}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:goauthentik:authentik:*:*:*:*:*:*:*:*", "matchCriteriaId": "C8E5FE79-9C41-42C8-89BA-F977B5571297", "versionEndExcluding": "2023.8.6", "versionStartIncluding": "2023.8.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:goauthentik:authentik:*:*:*:*:*:*:*:*", "matchCriteriaId": "7322058A-9785-441A-949B-79DB9354CB73", "versionEndExcluding": "2023.10.6", "versionStartIncluding": "2023.10.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Authentik is an open-source Identity Provider. Authentik is a vulnerable to a reflected Cross-Site Scripting vulnerability via JavaScript-URIs in OpenID Connect flows with `response_mode=form_post`. This relatively user could use the described attacks to perform a privilege escalation. This vulnerability has been patched in versions 2023.10.6 and 2023.8.6."}, {"lang": "es", "value": "Authentik es un proveedor de identidades de c\u00f3digo abierto. Authentik es afectado por una vulnerabilidad de cross site scripting reflejada a trav\u00e9s de URI de JavaScript en flujos de OpenID Connect con `response_mode=form_post`. Este relativamente usuario podr\u00eda utilizar los ataques descritos para realizar una escalada de privilegios. Esta vulnerabilidad ha sido parcheada en las versiones 2023.10.6 y 2023.8.6."}], "id": "CVE-2024-21637", "lastModified": "2024-11-21T08:54:46.537", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.6, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.0, "impactScore": 6.0, "source": "security-advisories@github.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-01-11T06:15:43.787", "references": [{"source": "security-advisories@github.com", "tags": ["Patch"], "url": "https://github.com/goauthentik/authentik/releases/tag/version%2F2023.10.6"}, {"source": "security-advisories@github.com", "tags": ["Patch"], "url": "https://github.com/goauthentik/authentik/releases/tag/version%2F2023.8.6"}, {"source": "security-advisories@github.com", "tags": ["Mitigation", "Third Party Advisory"], "url": "https://github.com/goauthentik/authentik/security/advisories/GHSA-rjpr-7w8c-gv3j"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://github.com/goauthentik/authentik/releases/tag/version%2F2023.10.6"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://github.com/goauthentik/authentik/releases/tag/version%2F2023.8.6"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mitigation", "Third Party Advisory"], "url": "https://github.com/goauthentik/authentik/security/advisories/GHSA-rjpr-7w8c-gv3j"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "security-advisories@github.com", "type": "Secondary"}]}