3 matches found
CVE-2023-36456
creationtimestamp| type| source ---|---|--- 2023-07-06 22:20:39+00:00| seen| https://t.me/cibsecurity/66158...
CVE-2023-36456
authentik is affected prior to versions 2023.4.3 and 2023.5.5 because it does not verify the origin of the X-Forwarded-For and X-Real-IP headers in both Python and Go code. This can allow spoofing of IPs in logs and in downstream flows that rely on IP checks, and may enable bypassing IP-based pol...
CVE-2023-36456 Authentik lacks Proxy IP headers validation
authentik is an open-source Identity Provider. Prior to versions 2023.4.3 and 2023.5.5, authentik does not verify the source of the X-Forwarded-For and X-Real-IP headers, both in the Python code and the go code. Only authentik setups that are directly accessible by users without a reverse proxy a...