Authelia: Improper Neutralization of Input During Web Page Generation Leads to Potential Cross-site Scripting

Authelia is an open-source authentication and authorization server providing two-factor authentication and single sign-on (SSO) for applications via a web portal. In version 4.39.15, an attacker may potentially be able to inject javascript into the Authelia login page if several conditions are met simultaneously. Unless both the `script-src` and `connect-src` directives have been modified it's almost impossible for this to have a meaningful impact. However if both of these are and they are done so without consideration to their potential impact; there is a are situations where this vulnerability could be exploited. This is caused to the lack of neutralization of the `langauge` cookie value when rendering the HTML template. This vulnerability is likely difficult to discover though fingerprinting due to the way Authelia is designed but it should not be considered impossible. The additional requirement to identify the secondary application is however likely to be significantly harder to identify along side this, but also likely easier to fingerprint. Users should upgrade to 4.39.16 or downgrade to 4.39.14 to mitigate the issue. The overwhelming majority of installations will not be affected and no workarounds are necessary. The default value for the Content Security Policy makes exploiting this weakness completely impossible. It's only possible via the deliberate removal of the Content Security Policy or deliberate inclusion of clearly noted unsafe policies.

N/A

在Web页面生成时对输入的转义处理不恰当(跨站脚本)

Authelia 跨站脚本漏洞

Authelia是Authelia开源的一个 Web 应用程序的单点登录多因素门户。 Authelia 4.39.15版本存在跨站脚本漏洞，该漏洞源于渲染HTML模板时未对language cookie值进行中和，可能导致JavaScript注入。

N/A

N/A