Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2021-29456
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
Authelia allows open redirects on the logout endpoint
Source: NVD (National Vulnerability Database)
Vulnerability Description
Authelia is an open-source authentication and authorization server providing 2-factor authentication and single sign-on (SSO) for your applications via a web portal. In versions 4.27.4 and earlier, utilizing a HTTP query parameter an attacker is able to redirect users from the web application to any domain, including potentially malicious sites. This security issue does not directly impact the security of the web application itself. As a workaround, one can use a reverse proxy to strip the query parameter from the affected endpoint. There is a patch for version 4.28.0.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N
Source: NVD (National Vulnerability Database)
Vulnerability Type
指向未可信站点的URL重定向(开放重定向)
Source: NVD (National Vulnerability Database)
Vulnerability Title
Github authelia 输入验证错误漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Github authelia是美国Github公司的一个应用软件。一个开源身份验证和授权服务器,可通过Web门户为应用程序提供2要素身份验证和单点登录(SSO)。 Authelia 4.27.4版本及之前版本存在输入验证错误漏洞,攻击者可利用该漏洞可以利用HTTP查询参数将用户从web应用程序重定向到任何域,包括潜在的恶意站点。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
VendorProductAffected VersionsCPESubscribe
autheliaauthelia <= 4.27.4 -
II. Public POCs for CVE-2021-29456
#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC
III. Intelligence Information for CVE-2021-29456
Please Login to view more intelligence information
IV. Related Vulnerabilities
Same product: authelia
Same vendor: authelia
Same weakness: CWE-601
V. Comments for CVE-2021-29456

No comments yet

Leave a comment