USN-6038-1: Go vulnerabilities

It was discovered that the Go net/http module incorrectly handled Transfer-Encoding headers in the HTTP/1 client. A remote attacker could possibly use this issue to perform an HTTP Request Smuggling attack. CVE-2022-1705 It was discovered that Go did not properly manage memory under certain...

CVE-2021-29456

Authelia is an open-source authentication and authorization server providing 2-factor authentication and single sign-on SSO for your applications via a web portal. In versions 4.27.4 and earlier, utilizing a HTTP query parameter an attacker is able to redirect users from the web application to an...

Authorization

Authelia is an open-source authentication and authorization server providing 2-factor authentication and single sign-on SSO for your applications via a web portal. In versions 4.27.4 and earlier, utilizing a HTTP query parameter an attacker is able to redirect users from the web application to an...

CVE-2021-29456

CVE-2021-29456 affects Authelia (open‑source authentication/SSO server). In versions ≤ 4.27.4, an HTTP query parameter permits open redirects to any external domain, enabling potential phishing by spoofing the initial URL. The vulnerability’s impact is limited to redirect behavior, not direct app...

CVE-2021-29456 Authelia allows open redirects on the logout endpoint

Authelia is an open-source authentication and authorization server providing 2-factor authentication and single sign-on SSO for your applications via a web portal. In versions 4.27.4 and earlier, utilizing a HTTP query parameter an attacker is able to redirect users from the web application to an...