Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
authentik has a forward authentication bypass with broken cookie
Vulnerability Description
authentik is an open-source identity provider. Prior to 2025.10.4 and 2025.12.4, with a malformed cookie it was possible to bypass authentication when using forward authentication in the authentik Proxy Provider when used in conjunction with Traefik or Caddy as reverse proxy. When a malicious cookie was used, none of the authentik-specific X-Authentik-* headers were set which depending on application can grant access to an attacker. authentik 2025.10.4 and 2025.12.4 fix this issue.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
Vulnerability Type
认证机制不恰当
Vulnerability Title
authentik 授权问题漏洞
Vulnerability Description
authentik是authentik开源的一个开源身份提供应用程序。 authentik 2025.10.4之前版本和2025.12.4之前版本存在授权问题漏洞,该漏洞源于使用畸形Cookie时可能绕过身份验证,可能导致攻击者获得访问权限。
CVSS Information
N/A
Vulnerability Type
N/A