CVE-2022-46145

authentik is an open-source identity provider. Versions prior to 2022.11.2 and 2022.10.2 are vulnerable to unauthorized user creation and potential account takeover. With the default flows, unauthenticated users can create new accounts in authentik. If a flow exists that allows for email-verified password recovery, this can be used to overwrite the email address of admin accounts and take over their accounts. authentik 2022.11.2 and 2022.10.2 fix this issue. As a workaround, a policy can be created and bound to the `default-user-settings-flow flow` with the contents `return request.user.is_authenticated`.

CVSS v3.0 9.8 CRITICAL

9.8^/10

CVSS v3.0 : CRITICAL

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://goauthentik.io/docs/releases/2022.11#fixed-in-2022112	Release Notes Vendor Advisory
https://goauthentik.io/docs/releases/2022.10#fixed-in-2022102	Release Notes Vendor Advisory
https://github.com/goauthentik/authentik/security/advisories/GHSA-mjfw-54m5-fvjf	Mitigation Third Party Advisory

Advertisement

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:goauthentik:authentik::::::::
	cpe:2.3:a:goauthentik:authentik::::::::

Information

Published : 2022-12-02 10:15

Updated : 2022-12-06 04:23

NVD link : CVE-2022-46145

Mitre link : CVE-2022-46145

JSON object : View

CWE

CWE-287

Improper Authentication

Advertisement

Products Affected

goauthentik

authentik

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "https://goauthentik.io/docs/releases/2022.11#fixed-in-2022112", "name": "https://goauthentik.io/docs/releases/2022.11#fixed-in-2022112", "tags": ["Release Notes", "Vendor Advisory"], "refsource": "MISC"}, {"url": "https://goauthentik.io/docs/releases/2022.10#fixed-in-2022102", "name": "https://goauthentik.io/docs/releases/2022.10#fixed-in-2022102", "tags": ["Release Notes", "Vendor Advisory"], "refsource": "MISC"}, {"url": "https://github.com/goauthentik/authentik/security/advisories/GHSA-mjfw-54m5-fvjf", "name": "https://github.com/goauthentik/authentik/security/advisories/GHSA-mjfw-54m5-fvjf", "tags": ["Mitigation", "Third Party Advisory"], "refsource": "MISC"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "authentik is an open-source identity provider. Versions prior to 2022.11.2 and 2022.10.2 are vulnerable to unauthorized user creation and potential account takeover. With the default flows, unauthenticated users can create new accounts in authentik. If a flow exists that allows for email-verified password recovery, this can be used to overwrite the email address of admin accounts and take over their accounts. authentik 2022.11.2 and 2022.10.2 fix this issue. As a workaround, a policy can be created and bound to the `default-user-settings-flow flow` with the contents `return request.user.is_authenticated`."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-287"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2022-46145", "ASSIGNER": "security-advisories@github.com"}}, "impact": {"baseMetricV3": {"cvssV3": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}}, "publishedDate": "2022-12-02T18:15Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:goauthentik:authentik:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "2022.11.2", "versionStartIncluding": "2022.11"}, {"cpe23Uri": "cpe:2.3:a:goauthentik:authentik:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "2022.10.2"}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2022-12-06T12:23Z"}