CVE-2024-11623

Medium CVSS: 4.8

Authentik project is vulnerable to Stored XSS attacks through uploading crafted SVG files that are used as application icons.
This action could only be performed by an authenticated admin user.
The issue was fixed in 2024.10.4 release.

Vendor

Goauthentik

Product

Authentik

CWE

CWE-79

Yayın Tarihi

2025-02-04 14:15:30

Güncelleme

2025-08-21 18:41:13

Source Identifier

cvd@cert.pl

KEV Date Added

Kategoriler

CWE-79 Authentik MEDIUM Goauthentik 2025

Referanslar

https://cert.pl/en/posts/2025/02/CVE-2024-11623/ https://docs.goauthentik.io/docs/security/audits-and-certs/2024-11-cobalt#svg-images-for-icons-possible-xss-vulnerability https://github.com/goauthentik/authentik/pull/12092

Benzer Kayıtlar

Critical

CVE-2026-25227

authentik is an open-source identity provider. From 2021.3.1 to before 2025.8.6, 2025.10.4, and 2025.12.4, when using de…

High

CVE-2026-25748

authentik is an open-source identity provider. Prior to 2025.10.4 and 2025.12.4, with a malformed cookie it was possible…

High

CVE-2026-25922

authentik is an open-source identity provider. Prior to 2025.8.6, 2025.10.4, and 2025.12.4, when using a SAML Source tha…

Medium

CVE-2025-64521

authentik is an open-source Identity Provider. Prior to versions 2025.8.5 and 2025.10.2, when authenticating with client…

Medium

CVE-2025-64708

authentik is an open-source Identity Provider. Prior to versions 2025.8.5 and 2025.10.2, in previous authentik versions,…

High

CVE-2025-53942

authentik is an open-source Identity Provider that emphasizes flexibility and versatility, with support for a wide set o…