Description
authentik is an open-source Identity Provider. Several API endpoints can be accessed by users without correct authentication/authorization. The main API endpoints affected by this are /api/v3/crypto/certificatekeypairs/<uuid>/view_certificate/, /api/v3/crypto/certificatekeypairs/<uuid>/view_private_key/, and /api/v3/.../used_by/. Note that all of the affected API endpoints require the knowledge of the ID of an object, which especially for certificates is not accessible to an unprivileged user. Additionally the IDs for most objects are UUIDv4, meaning they are not easily guessable/enumerable. authentik 2024.4.4, 2024.6.4 and 2024.8.0 fix this issue.
References (3)
Core 3
Core References
Vendor Advisory x_refsource_confirm
https://github.com/goauthentik/authentik/security/advisories/GHSA-qxqc-27pr-wgc8
Patch x_refsource_misc
https://github.com/goauthentik/authentik/commit/19318d4c00bb02c4ec3c4f8f15ac2e1dbe8d846c
Scores
CVSS v3
7.5
EPSS
0.0146
EPSS Percentile
80.9%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:L/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-285
Status
published
Products (2)
Go/goauthentik.io
2024.6.0-rc1 - 2024.6.4Go
goauthentik/authentik
< 2024.4.4
Published
Aug 22, 2024
Tracked Since
Feb 18, 2026