{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-03T21:17:15.228","vulnerabilities":[{"cve":{"id":"CVE-2024-21637","sourceIdentifier":"security-advisories@github.com","published":"2024-01-11T06:15:43.787","lastModified":"2024-11-21T08:54:46.537","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Authentik is an open-source Identity Provider. Authentik is vulnerable to a reflected Cross-Site Scripting vulnerability via JavaScript-URIs in OpenID Connect flows with `response_mode=form_post`. This relatively user could use the described attacks to perform a privilege escalation. This vulnerability has been patched in versions 2023.10.6 and 2023.8.6."},{"lang":"es","value":"Authentik es un proveedor de identidades de código abierto. Authentik es afectado por una vulnerabilidad de cross site scripting reflejada a través de URI de JavaScript en flujos de OpenID Connect con `response_mode=form_post`. Este relativamente usuario podría utilizar los ataques descritos para realizar una escalada de privilegios. Esta vulnerabilidad ha sido parcheada en las versiones 2023.10.6 y 2023.8.6."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H","baseScore":7.6,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"HIGH","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.0,"impactScore":6.0},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.3,"impactScore":2.7}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:goauthentik:authentik:*:*:*:*:*:*:*:*","versionStartIncluding":"2023.8.0","versionEndExcluding":"2023.8.6","matchCriteriaId":"C8E5FE79-9C41-42C8-89BA-F977B5571297"},{"vulnerable":true,"criteria":"cpe:2.3:a:goauthentik:authentik:*:*:*:*:*:*:*:*","versionStartIncluding":"2023.10.0","versionEndExcluding":"2023.10.6","matchCriteriaId":"7322058A-9785-441A-949B-79DB9354CB73"}]}]}],"references":[{"url":"https://github.com/goauthentik/authentik/releases/tag/version%2F2023.10.6","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/goauthentik/authentik/releases/tag/version%2F2023.8.6","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/goauthentik/authentik/security/advisories/GHSA-rjpr-7w8c-gv3j","source":"security-advisories@github.com","tags":["Mitigation","Third Party Advisory"]},{"url":"https://github.com/goauthentik/authentik/releases/tag/version%2F2023.10.6","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"]},{"url":"https://github.com/goauthentik/authentik/releases/tag/version%2F2023.8.6","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"]},{"url":"https://github.com/goauthentik/authentik/security/advisories/GHSA-rjpr-7w8c-gv3j","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mitigation","Third Party Advisory"]}]}}]}