CVE-2024-11623

Published Feb 4, 2025

Last updated 24 days ago

CVSS medium 4.8

Overview

Description
Authentik project is vulnerable to Stored XSS attacks through uploading crafted SVG files that are used as application icons.  This action could only be performed by an authenticated admin user. The issue was fixed in 2024.10.4 release.
Source
cvd@cert.pl
NVD status
Awaiting Analysis

Risk scores

CVSS 4.0

Type
Secondary
Base score
4.8
Impact score
-
Exploitability score
-
Vector string
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Severity
MEDIUM

Weaknesses

cvd@cert.pl
CWE-79

Social media

Hype score
Not currently trending

  1. CVE-2024-11623 Authentik project is vulnerable to Stored XSS attacks through uploading crafted SVG files that are used as application icons.  This action could only be performed by … https://t.co/gREEgMfgMw

    @CVEnew

    4 Feb 2025

    273 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

References