CVE-2024-11623 - Vulnerability Details - OpenCVE

Authentik project is vulnerable to Stored XSS attacks through uploading crafted SVG files that are used as application icons. This action could only be performed by an authenticated admin user. The issue was fixed in 2024.10.4 release.

Attack Vector Network

Attack Complexity Low

Privileges Required High

Attack Requirements None

User Interaction Passive

Vulnerable System Confidentiality Impact None

Vulnerable System Integrity Impact None

Vulnerable System Availability Impact None

Subsequent System Confidentiality Impact Low

Subsequent System Integrity Impact Low

Subsequent System Availability Impact None

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

No data.

No data.

No data.

References

Link	Providers
https://cert.pl/en/posts/2025/02/CVE-2024-11623/
https://docs.goauthentik.io/docs/security/audits-and-certs/2024-11-cobalt#svg-images-for-icons-possible-xss-vulnerability
https://github.com/goauthentik/authentik/pull/12092

History

Wed, 12 Feb 2025 17:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Tue, 04 Feb 2025 13:45:00 +0000

Type	Values Removed	Values Added
Description		Authentik project is vulnerable to Stored XSS attacks through uploading crafted SVG files that are used as application icons. This action could only be performed by an authenticated admin user. The issue was fixed in 2024.10.4 release.
Title		Stored XSS in authentik
Weaknesses		CWE-79
References		https://cert.pl/en/posts/2025/02/CVE-2024-11623/ https://docs.goauthentik.io/docs/security/audits-and-certs/2024-11-cobalt#svg-images-for-icons-possible-xss-vulnerability https://github.com/goauthentik/authentik/pull/12092
Metrics		cvssV4_0 `{'score': 4.8, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N'}`

MITRE

Status: PUBLISHED

Assigner: CERT-PL

Published: 2025-02-04T13:34:11.029Z

Updated: 2025-02-12T17:10:12.746Z

Reserved: 2024-11-22T15:12:36.191Z

Link: CVE-2024-11623

Vulnrichment

Updated: 2025-02-12T17:09:55.312Z

NVD

Status : Received

Published: 2025-02-04T14:15:30.480

Modified: 2025-02-04T14:15:30.480

Link: CVE-2024-11623

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-11623", "assignerOrgId": "4bb8329e-dd38-46c1-aafb-9bf32bcb93c6", "state": "PUBLISHED", "assignerShortName": "CERT-PL", "dateReserved": "2024-11-22T15:12:36.191Z", "datePublished": "2025-02-04T13:34:11.029Z", "dateUpdated": "2025-02-12T17:10:12.746Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "authentik", "repo": "https://github.com/goauthentik/authentik", "vendor": "goauthentik", "versions": [{"lessThan": "2024.10.4", "status": "affected", "version": "0", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Daniel Basta (NASK-PIB)"}], "datePublic": "2025-02-04T11:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Authentik project is vulnerable to Stored XSS attacks through uploading crafted SVG files that are used as application icons. <br>This action could only be performed by an authenticated admin user.<br>The issue was fixed in 2024.10.4 release."}], "value": "Authentik project is vulnerable to Stored XSS attacks through\u00a0uploading crafted SVG files that are used as application icons.\u00a0\nThis action could only be performed by an authenticated admin user.\nThe issue was fixed in\u00a02024.10.4 release."}], "impacts": [{"capecId": "CAPEC-592", "descriptions": [{"lang": "en", "value": "CAPEC-592 Stored XSS"}]}], "metrics": [{"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "baseScore": 4.8, "baseSeverity": "MEDIUM", "privilegesRequired": "HIGH", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "LOW", "subIntegrityImpact": "LOW", "userInteraction": "PASSIVE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "4bb8329e-dd38-46c1-aafb-9bf32bcb93c6", "shortName": "CERT-PL", "dateUpdated": "2025-02-04T13:34:11.029Z"}, "references": [{"tags": ["vendor-advisory"], "url": "https://docs.goauthentik.io/docs/security/audits-and-certs/2024-11-cobalt#svg-images-for-icons-possible-xss-vulnerability"}, {"tags": ["patch"], "url": "https://github.com/goauthentik/authentik/pull/12092"}, {"tags": ["third-party-advisory"], "url": "https://cert.pl/en/posts/2025/02/CVE-2024-11623/"}], "source": {"discovery": "UNKNOWN"}, "title": "Stored XSS in authentik", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-02-04T14:05:36.465208Z", "id": "CVE-2024-11623", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-02-12T17:10:12.746Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-11623", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-02-04T14:05:36.465208Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-02-12T17:09:55.312Z"}}], "cna": {"title": "Stored XSS in authentik", "source": {"discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "finder", "value": "Daniel Basta (NASK-PIB)"}], "impacts": [{"capecId": "CAPEC-592", "descriptions": [{"lang": "en", "value": "CAPEC-592 Stored XSS"}]}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 4.8, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N", "providerUrgency": "NOT_DEFINED", "userInteraction": "PASSIVE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "HIGH", "subIntegrityImpact": "LOW", "vulnIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "LOW", "vulnConfidentialityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"repo": "https://github.com/goauthentik/authentik", "vendor": "goauthentik", "product": "authentik", "versions": [{"status": "affected", "version": "0", "lessThan": "2024.10.4", "versionType": "custom"}], "defaultStatus": "unaffected"}], "datePublic": "2025-02-04T11:00:00.000Z", "references": [{"url": "https://docs.goauthentik.io/docs/security/audits-and-certs/2024-11-cobalt#svg-images-for-icons-possible-xss-vulnerability", "tags": ["vendor-advisory"]}, {"url": "https://github.com/goauthentik/authentik/pull/12092", "tags": ["patch"]}, {"url": "https://cert.pl/en/posts/2025/02/CVE-2024-11623/", "tags": ["third-party-advisory"]}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "Authentik project is vulnerable to Stored XSS attacks through\u00a0uploading crafted SVG files that are used as application icons.\u00a0\nThis action could only be performed by an authenticated admin user.\nThe issue was fixed in\u00a02024.10.4 release.", "supportingMedia": [{"type": "text/html", "value": "Authentik project is vulnerable to Stored XSS attacks through uploading crafted SVG files that are used as application icons. <br>This action could only be performed by an authenticated admin user.<br>The issue was fixed in 2024.10.4 release.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')"}]}], "providerMetadata": {"orgId": "4bb8329e-dd38-46c1-aafb-9bf32bcb93c6", "shortName": "CERT-PL", "dateUpdated": "2025-02-04T13:34:11.029Z"}}}, "cveMetadata": {"cveId": "CVE-2024-11623", "state": "PUBLISHED", "dateUpdated": "2025-02-12T17:10:12.746Z", "dateReserved": "2024-11-22T15:12:36.191Z", "assignerOrgId": "4bb8329e-dd38-46c1-aafb-9bf32bcb93c6", "datePublished": "2025-02-04T13:34:11.029Z", "assignerShortName": "CERT-PL"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Authentik project is vulnerable to Stored XSS attacks through\u00a0uploading crafted SVG files that are used as application icons.\u00a0\nThis action could only be performed by an authenticated admin user.\nThe issue was fixed in\u00a02024.10.4 release."}], "id": "CVE-2024-11623", "lastModified": "2025-02-04T14:15:30.480", "metrics": {"cvssMetricV40": [{"cvssData": {"attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "automatable": "NOT_DEFINED", "availabilityRequirements": "NOT_DEFINED", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityRequirements": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirements": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubsequentSystemAvailability": "NOT_DEFINED", "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnerableSystemAvailability": "NOT_DEFINED", "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", "privilegesRequired": "HIGH", "providerUrgency": "NOT_DEFINED", "recovery": "NOT_DEFINED", "safety": "NOT_DEFINED", "subsequentSystemAvailability": "NONE", "subsequentSystemConfidentiality": "LOW", "subsequentSystemIntegrity": "LOW", "userInteraction": "PASSIVE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnerabilityResponseEffort": "NOT_DEFINED", "vulnerableSystemAvailability": "NONE", "vulnerableSystemConfidentiality": "NONE", "vulnerableSystemIntegrity": "NONE"}, "source": "cvd@cert.pl", "type": "Secondary"}]}, "published": "2025-02-04T14:15:30.480", "references": [{"source": "cvd@cert.pl", "url": "https://cert.pl/en/posts/2025/02/CVE-2024-11623/"}, {"source": "cvd@cert.pl", "url": "https://docs.goauthentik.io/docs/security/audits-and-certs/2024-11-cobalt#svg-images-for-icons-possible-xss-vulnerability"}, {"source": "cvd@cert.pl", "url": "https://github.com/goauthentik/authentik/pull/12092"}], "sourceIdentifier": "cvd@cert.pl", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "cvd@cert.pl", "type": "Secondary"}]}