CVE-2024-23647

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2024-23647
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-23647.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2024-23647
Aliases
Published
2024-01-30T16:10:55Z
Modified
2025-10-30T20:24:38.950243Z
Severity
  • 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N CVSS Calculator
Summary
PKCE downgrade attack in Authentik
Details

Authentik is an open-source Identity Provider. There is a bug in our implementation of PKCE that allows an attacker to circumvent the protection that PKCE offers. PKCE adds the codechallenge parameter to the authorization request and adds the codeverifier parameter to the token request. Prior to 2023.8.7 and 2023.10.7, a downgrade scenario is possible: if the attacker removes the code_challenge parameter from the authorization request, authentik will not do the PKCE check. Because of this bug, an attacker can circumvent the protection PKCE offers, such as CSRF attacks and code injection attacks. Versions 2023.8.7 and 2023.10.7 fix the issue.

Database specific 
{
    "cwe_ids": [
        "CWE-287"
    ]
}
References

Affected packages

Git / github.com/goauthentik/authentik

Affected ranges

Type
GIT
Repo
https://github.com/goauthentik/authentik
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
a35cb42a68181a7af2905aa3bbe0613b82dc2b11
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "2023.8.7"
        }
    ]
}
Type
GIT
Repo
https://github.com/goauthentik/authentik
Events
Introduced
ed46fd629efd4307040c494faaec544a5cb7b3ee
Fixed
e095e9f694d2a427940bc8616bc4025fef502a8b
Database specific 
{
    "versions": [
        {
            "introduced": "2023.10.0"
        },
        {
            "fixed": "2023.10.7"
        }
    ]
}

Affected versions

version/0.*

version/0.0.10-alpha
version/0.0.11-alpha
version/0.0.12-alpha
version/0.0.13-alpha
version/0.0.2-alpha
version/0.0.3-alpha
version/0.0.4-alpha
version/0.0.5-alpha
version/0.0.6-alpha
version/0.0.7-alpha
version/0.0.8-alpha
version/0.0.9-alpha
version/0.1.0-beta
version/0.1.1-beta
version/0.1.10-beta
version/0.1.11-beta
version/0.1.12-beta
version/0.1.13-beta
version/0.1.14-beta
version/0.1.15-beta
version/0.1.16-beta
version/0.1.17-beta
version/0.1.18-beta
version/0.1.19-beta
version/0.1.2-beta
version/0.1.20-beta
version/0.1.21-beta
version/0.1.22-beta
version/0.1.23-beta
version/0.1.24-beta
version/0.1.25-beta
version/0.1.26-beta
version/0.1.27-beta
version/0.1.28-beta
version/0.1.29-beta
version/0.1.3-beta
version/0.1.30-beta
version/0.1.31-beta
version/0.1.32-beta
version/0.1.33-beta
version/0.1.34-beta
version/0.1.35-beta
version/0.1.36-beta
version/0.1.37-beta
version/0.1.38-beta
version/0.1.4-beta
version/0.1.5-beta
version/0.1.6-beta
version/0.1.7-beta
version/0.1.8-beta
version/0.1.9-beta
version/0.10.0-rc1
version/0.10.0-rc2
version/0.10.0-rc3
version/0.10.0-rc4
version/0.10.0-rc5
version/0.10.0-rc6
version/0.10.0-stable
version/0.10.1-stable
version/0.10.2-stable
version/0.10.3-stable
version/0.10.4-stable
version/0.10.5-stable
version/0.10.6-stable
version/0.10.7-stable
version/0.10.8-stable
version/0.10.9-stable
version/0.11.0-stable
version/0.12.0-stable
version/0.12.1-stable
version/0.12.10-stable
version/0.12.11-stable
version/0.12.2-stable
version/0.12.3-stable
version/0.12.4-stable
version/0.12.5-stable
version/0.12.6-stable
version/0.12.7-stable
version/0.12.8-stable
version/0.12.9-stable
version/0.13.0-rc1
version/0.13.0-rc2
version/0.13.0-rc3
version/0.13.0-rc4
version/0.13.0-stable
version/0.13.1-stable
version/0.13.2-stable
version/0.13.3-stable
version/0.2.0-beta
version/0.2.1-beta
version/0.2.2-beta
version/0.2.3-beta
version/0.2.4-beta
version/0.2.5-beta
version/0.2.6-beta
version/0.2.7-beta
version/0.2.8-beta
version/0.3.0-beta
version/0.4.0-beta
version/0.4.1-beta
version/0.4.2-beta
version/0.5.0-beta
version/0.6.0-beta
version/0.6.1-beta
version/0.6.10-beta
version/0.6.11-beta
version/0.6.2-beta
version/0.6.3-beta
version/0.6.4-beta
version/0.6.5-beta
version/0.6.6-beta
version/0.6.7-beta
version/0.6.8-beta
version/0.6.9-beta
version/0.7.0-beta
version/0.7.1-beta
version/0.7.10-beta
version/0.7.11-beta
version/0.7.12-beta
version/0.7.13-beta
version/0.7.14-beta
version/0.7.15-beta
version/0.7.16-beta
version/0.7.17-beta
version/0.7.2-beta
version/0.7.3-beta
version/0.7.4-beta
version/0.7.5-beta
version/0.7.6-beta
version/0.7.7-beta
version/0.7.8-beta
version/0.7.9-beta
version/0.8.0-beta
version/0.8.1-beta
version/0.8.10-beta
version/0.8.11-beta
version/0.8.12-beta
version/0.8.14-beta
version/0.8.15-beta
version/0.8.2-beta
version/0.8.3-beta
version/0.8.4-beta
version/0.8.5-beta
version/0.8.6-beta
version/0.8.7-beta
version/0.8.8-beta
version/0.8.9-beta
version/0.9.0-pre1
version/0.9.0-pre2
version/0.9.0-pre3
version/0.9.0-pre4
version/0.9.0-pre5
version/0.9.0-pre6
version/0.9.0-pre7
version/0.9.0-rc1
version/0.9.0-rc2
version/0.9.0-stable

version/2021.*

version/2021.1.1-rc1
version/2021.1.1-rc2
version/2021.1.1-stable
version/2021.1.2-stable
version/2021.1.3-stable
version/2021.1.4-stable
version/2021.10.1
version/2021.10.1-rc1
version/2021.10.1-rc2
version/2021.10.1-rc3
version/2021.10.2
version/2021.10.3
version/2021.10.4
version/2021.12.1
version/2021.12.1-rc1
version/2021.12.1-rc2
version/2021.12.1-rc3
version/2021.12.1-rc4
version/2021.12.1-rc5
version/2021.12.2
version/2021.12.3
version/2021.12.4
version/2021.12.5
version/2021.2.1-rc1
version/2021.2.1-rc2
version/2021.2.1-stable
version/2021.2.2-stable
version/2021.2.3-stable
version/2021.2.4-stable
version/2021.2.5-stable
version/2021.2.6-stable
version/2021.3.1
version/2021.3.1-rc1
version/2021.3.1-rc2
version/2021.3.2
version/2021.3.3
version/2021.3.4
version/2021.4.1
version/2021.4.1-rc1
version/2021.4.1-rc2
version/2021.4.2
version/2021.4.3
version/2021.4.4
version/2021.4.5
version/2021.5.1
version/2021.5.1-rc1
version/2021.5.1-rc10
version/2021.5.1-rc2
version/2021.5.1-rc3
version/2021.5.1-rc4
version/2021.5.1-rc5
version/2021.5.1-rc6
version/2021.5.1-rc7
version/2021.5.1-rc8
version/2021.5.1-rc9
version/2021.5.2
version/2021.5.3
version/2021.5.4
version/2021.6.1
version/2021.6.1-rc1
version/2021.6.1-rc2
version/2021.6.1-rc3
version/2021.6.1-rc4
version/2021.6.1-rc5
version/2021.6.1-rc6
version/2021.6.2
version/2021.6.3
version/2021.6.4
version/2021.7.1
version/2021.7.1-rc1
version/2021.7.1-rc2
version/2021.7.2
version/2021.7.3
version/2021.8.1
version/2021.8.1-rc1
version/2021.8.1-rc2
version/2021.8.2
version/2021.8.3
version/2021.8.4
version/2021.9.1
version/2021.9.1-rc1
version/2021.9.1-rc2
version/2021.9.1-rc3
version/2021.9.2
version/2021.9.3
version/2021.9.4
version/2021.9.5
version/2021.9.6
version/2021.9.7
version/2021.9.8

version/2022.*

version/2022.1.1
version/2022.1.2
version/2022.1.3
version/2022.1.4
version/2022.1.5
version/2022.10.0
version/2022.10.1
version/2022.11.0
version/2022.11.1
version/2022.11.2
version/2022.11.3
version/2022.11.4
version/2022.12.0
version/2022.12.1
version/2022.12.2
version/2022.2.1
version/2022.3.1
version/2022.3.2
version/2022.3.3
version/2022.4.1
version/2022.5.1
version/2022.5.2
version/2022.5.3
version/2022.6.1
version/2022.6.2
version/2022.6.3
version/2022.7.1
version/2022.7.2
version/2022.7.3
version/2022.8.1
version/2022.8.2
version/2022.9.0

version/2023.*

version/2023.1.0
version/2023.1.1
version/2023.1.2
version/2023.10.0
version/2023.10.1
version/2023.10.2
version/2023.10.3
version/2023.10.4
version/2023.10.5
version/2023.10.6
version/2023.2.0
version/2023.2.1
version/2023.2.2
version/2023.5.0
version/2023.5.1
version/2023.5.2
version/2023.5.3
version/2023.6.0
version/2023.6.1
version/2023.8.0
version/2023.8.1
version/2023.8.2
version/2023.8.3
version/2023.8.4
version/2023.8.5
version/2023.8.6