5.4

CVSS Score

3.1

-

CVSS Score

Basic Information

CVE ID

CVE-2021-29456

GHSA ID

GHSA-36f2-fcrx-fp4j

EPSS Score

0.36592%

CWE

CWE-601

Published

3/16/2023

Updated

3/16/2023

KEV Status

Technology

Basic Information

CVE ID

GHSA ID

EPSS Score

CWE

Published

Updated

KEV Status

Technology

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2021-29456

CVE-2021-29456: Authelia allows open redirects on the logout endpoint

Impact

Utilizing a HTTP query parameter an attacker is able to redirect users from the web application to any domain. The URL of the intended redirect should always be checked for safety prior to forwarding the user. Other endpoints of the web application already do this, they check both that the domain is using the HTTPS protocol and that it exists on a domain associated with the application.

An attacker is able to use this unintended functionality to redirect users to malicious sites. This particular security issue allows the attacker to make a phishing attempt seem much more trustworthy to a user of the web application as the initial site before redirection is familiar to them, as well as the actual URL which they have theoretically visited frequently.

While this security issue does not directly impact the security of the web application, it is still not an acceptable scenario for the reasons mentioned above.

Patches

f0cb75e1e102f95f91e9254c66c797e821857690 fix(handlers): logout redirection validation (#1908) v4.28.0

Workarounds

Using a reverse proxy to strip the query parameter from the affected endpoint.

References

https://github.com/authelia/authelia/pull/1908

CWE-601

Authelia v4.28.0

For more information

If you have any questions or comments about this advisory, please contact us. You may also contact us to request creating a back-ported fix for this if you are able to explain why you cannot upgrade; however upgrading is highly preferable.

(GitHub Advisory)

Miggo Vulnerability Database

→

CVE-2021-29456

CVE-2021-29456:

5.4

CVSS Score

3.1

-

CVSS Score

Basic Information

CVE ID

CVE-2021-29456

GHSA ID

GHSA-36f2-fcrx-fp4j

EPSS Score

0.36592%

CWE

CWE-601

Published

3/16/2023

Updated

3/16/2023

KEV Status

Technology

Basic Information

CVE ID

GHSA ID

EPSS Score

CWE

Published

Updated

KEV Status

Technology

Technical Details

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
github.com/authelia/authelia/v4	go	< 4.28.0	4.28.0

Technical Details

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability explicitly exists in the logout endpoint's redirection logic. While the exact code isn't shown, the advisory states that other endpoints performed proper validation (checking HTTPS and associated domains) while the logout handler did not. The patch commit title ('logout redirection validation') and CWE-601 context indicate the vulnerable function is the logout handler responsible for processing redirect parameters. In Go web applications, this would typically be a handler function named HandleLogout in a handlers package dealing with logout requests.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.

Reasoning

*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.

5.4

-

Basic Information

Basic Information

Concerned about an active attack path?

CVE-2021-29456: Authelia allows open redirects on the logout endpoint

Impact

Patches

Workarounds

References

For more information

CVE-2021-29456:

5.4

-

Basic Information

Basic Information

Technical Details

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability IntelligenceMiggo AI

5.4

5.4

Basic Information

Basic Information

CVE-2021-29456: Authelia allows open redirects on the logout endpoint

Impact

Patches

Workarounds

References

For more information

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Technical Details

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI