cvedb.io
CVE-2024-52289
CRITICAL · CVSS 9.8
EPSS exploitation probability: 0%
Published 2024-11-21T18:15:12.060 · Last modified 2026-06-17T08:06:56.863

Summary

authentik is an open-source identity provider. Redirect URIs in the OAuth2 provider in authentik are checked by RegEx comparison. When no Redirect URIs are configured in a provider, authentik will automatically use the first redirect_uri value received as an allowed redirect URI, without escaping characters that have a special meaning in RegEx. Similarly, the documentation did not take this into consideration either. Given a provider with the Redirect URIs set to https://foo.example.com, an attacker can register a domain fooaexample.com, and it will correctly pass validation. authentik 2024.8.5 and 2024.10.3 fix this issue. As a workaround, When configuring OAuth2 providers, make sure to escape any wildcard characters that are not intended to function as a wildcard, for example replace `.`

Affected products

goauthentik — authentik

Does this affect you?

Add your gear to cvedb and we'll alert you only when goauthentik ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.