Clems4Ever

#44881 of 53,624
5.7 Total CVSS
Vulnerabilities · 1
PT-2021-18228
5.7
2021-04-21
Authelia · Authelia · CVE-2021-29456
Name of the Vulnerable Software and Affected Versions: Authelia versions 4.27.4 and earlier

Description: The issue allows an attacker to redirect users from the web application to any domain, including potentially malicious sites, by utilizing an HTTP query parameter. This does not directly impact the security of the web application itself, but it can be used to make phishing attempts seem more trustworthy: the attacker redirects users to a malicious site, taking advantage of the user's familiarity with the initial site and its genuine URL.

Recommendations: For versions 4.27.4 and earlier, update to version 4.28.0, which includes a patch for this issue. As a temporary workaround, consider using a reverse proxy to strip the query parameter from the affected endpoint.