CyberSec.Space Logo
CVEブラウザに戻る

CVE-2021-29456

MEDIUM
5.7
CVSS Severity Score
EPSS Score0.1470%
EPSS Percentile40.55th
Published2021年4月21日
Last Modified2024年11月21日

Vulnerability Description

Authelia is an open-source authentication and authorization server providing 2-factor authentication and single sign-on (SSO) for your applications via a web portal. In versions 4.27.4 and earlier, utilizing a HTTP query parameter an attacker is able to redirect users from the web application to any domain, including potentially malicious sites. This security issue does not directly impact the security of the web application itself. As a workaround, one can use a reverse proxy to strip the query parameter from the affected endpoint. There is a patch for version 4.28.0.

Affected Platforms (CPE)

📦
Authelia

Authelia

< 4.28.0

References & Advisories

🔗 https://github.com/authelia/authelia/security/advisories/GHSA-36f2-fcrx-fp4j
🔗 https://github.com/authelia/authelia/security/advisories/GHSA-36f2-fcrx-fp4j

関連する脆弱性情報

CVE-2021-3263710.0

Authelia is a a single sign-on multi-factor portal for web apps. This affects uses who are using nginx ngx_http_auth_request_modul...

CVE-2021-021110.0

An improper check for unusual or exceptional conditions in Juniper Networks Junos OS and Junos OS Evolved Routing Protocol Daemon ...

CVE-2021-2124310.0

OneDev is an all-in-one devops platform. In OneDev before version 4.0.3, a Kubernetes REST endpoint exposes two methods that deser...

CVE-2021-2124410.0

OneDev is an all-in-one devops platform. In OneDev before version 4.0.3, There is a vulnerability that enabled pre-auth server sid...