CVE-2024-23647

CVSS 3.1 Score 6.5 of 10 (medium)

Details

Published Jan 30, 2024
Updated: Feb 6, 2024
CWE ID 287

Summary

CVE-2024-23647 is a vulnerability that affects Authentik, an open-source Identity Provider. The bug in the PKCE implementation allows an attacker to bypass the protection offered by PKCE. This can lead to various attacks, including CSRF and code injection attacks. The issue was fixed in versions 2023.8.7 and 2023.10.7. The vulnerability has a base severity rating of MEDIUM and requires user interaction over a network, with high integrity impact and no confidentiality impact.

Explore Beyond the CVE Basics with Recorded Future's Vulnerability Intelligence

Note: This is just a basic overview providing quick insights into CVE-2024-23647 information. Gain full access to comprehensive CVE data, risk scores, prioritization, and mitigation data through Recorded Future's Vulnerability Intelligence:
  • Prioritize with Risk-Based Scoring
  • Explore the Extensive Vulnerability Database
  • Receive Early Alerts on Emerging CVEs
  • Focus on Critical Exploitable Vulnerabilities
  • Streamline Remediation with Integration Options