PT-2024-35155 · Authentik · Authentik

Pontushanssen · Published 2024-11-21 · Updated 2026-04-16

CVE-2024-52289
CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: authentik versions prior to 2024.8.5 (versions 2024.8.5 and 2024.10.3 are not affected).
Description: The issue concerns authentik, an open-source identity provider. In the OAuth2 provider, Redirect URIs are checked by RegEx comparison. When no Redirect URIs are configured in a provider, authentik automatically uses the first redirect URI value received as an allowed redirect URI, without escaping characters that have a special meaning in RegEx. This allows an attacker to bypass redirect URI validation. For example, given a provider with the Redirect URIs set to https://foo.example.com, an attacker can register the domain fooaexample.com, which will pass validation because the unescaped "." in the stored value matches any single character.
Recommendations: For versions prior to 2024.8.5, upgrade to version 2024.8.5 or 2024.10.3 to resolve the issue. As a temporary workaround, when configuring OAuth2 providers, make sure to escape any wildcard characters that are not intended to function as a wildcard; for example, replace "." with "\.".
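The following is an added illustration of the failure mode described above and of the two ways to close it (escaping the configured value, or not using pattern matching at all). It is not authentik's code: the functions, the adopt_first_redirect() model of the "first received URI becomes the allow list" behaviour, and the sample URIs are constructed for the demonstration, and the regex call used (re.fullmatch) is an assumption about how such a comparison is typically written.

```python
import re

# Constructed sample values for the demonstration; they are not taken from any
# real deployment.
CONFIGURED_URI = "https://foo.example.com"
LOOKALIKE_URI = "https://fooaexample.com"   # the unescaped '.' matches the 'a'


def redirect_allowed_regex(patterns, redirect_uri):
    """Models the flawed check: each configured value is used directly as a
    regular expression, so an unescaped '.' matches any single character.
    (re.fullmatch is an assumption about the comparison, not authentik's call.)"""
    return any(re.fullmatch(p, redirect_uri) is not None for p in patterns)


def literal_pattern(uri):
    """The advisory's workaround, applied programmatically: escape every regex
    metacharacter so a configured value that is meant literally matches only
    itself (re.escape turns '.' into '\\.')."""
    return re.escape(uri)


def redirect_allowed_literal(allowed_uris, redirect_uri):
    """Hardened check: plain string equality, no pattern semantics at all."""
    return redirect_uri in allowed_uris


def adopt_first_redirect(allowed, first_uri, escape):
    """Hypothetical model of the auto-learning behaviour the advisory describes:
    when a provider has no Redirect URIs configured, the first value received
    becomes the allow list. With escape=False the raw value is stored as a
    pattern (the flaw); with escape=True it is stored escaped (the fix)."""
    if not allowed:
        allowed = [literal_pattern(first_uri) if escape else first_uri]
    return allowed


def demo():
    """Returns the outcomes as a dict so they can be checked without reading
    printed output."""
    raw = adopt_first_redirect([], CONFIGURED_URI, escape=False)
    escaped = adopt_first_redirect([], CONFIGURED_URI, escape=True)
    return {
        "raw_accepts_lookalike": redirect_allowed_regex(raw, LOOKALIKE_URI),
        "escaped_accepts_lookalike": redirect_allowed_regex(escaped, LOOKALIKE_URI),
        "escaped_accepts_real": redirect_allowed_regex(escaped, CONFIGURED_URI),
        "literal_accepts_lookalike": redirect_allowed_literal([CONFIGURED_URI], LOOKALIKE_URI),
        "literal_accepts_real": redirect_allowed_literal([CONFIGURED_URI], CONFIGURED_URI),
    }


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name}: {outcome}")
```

The point for a reviewer of any redirect URI check is the middle function: if configured values must be regular expressions, every value that is meant literally has to pass through re.escape (or its equivalent) before being compiled; if they never need pattern semantics, exact comparison removes the class of bug entirely.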

Related Identifiers

BIT-AUTHENTIK-2024-52289
CVE-2024-52289
GHSA-3Q5W-6M3X-64GJ

Affected Products

Authentik