security: automated internal backport of patch GHSA-xp7f-xjjx-gwm8.sec.patch to authentik-main (#22734)

Automated internal backport of patch GHSA-xp7f-xjjx-gwm8.sec.patch to authentik-main

Co-authored-by: authentik-automation[bot] <135050075+authentik-automation[bot]@users.noreply.github.com>
authentik-automation[bot]
2026-05-28 16:39:26 +02:00
committed by GitHub
parent 3243c974b2
commit 8830a712b0
2 changed files with 30 additions and 2 deletions
+3 -2
@@ -16,7 +16,7 @@ from authentik.core.sources.flow_manager import (
)
from authentik.core.types import UILoginButton
from authentik.enterprise.stages.source.models import SourceStage
from authentik.flows.challenge import Challenge, ChallengeResponse
from authentik.flows.challenge import Challenge, ChallengeResponse, HttpChallengeResponse
from authentik.flows.models import FlowToken, in_memory_stage
from authentik.flows.planner import PLAN_CONTEXT_IS_REDIRECTED, PLAN_CONTEXT_IS_RESTORED
from authentik.flows.stage import ChallengeStageView, StageView
@@ -84,7 +84,8 @@ class SourceStageView(ChallengeStageView):
return token
def challenge_valid(self, response: ChallengeResponse) -> HttpResponse:
return self.executor.stage_ok()
# Completion happens via dispatch(), not here.
return HttpChallengeResponse(self._get_challenge())
class SourceStageFinal(StageView):
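Review bot: the removed `return self.executor.stage_ok()` is the root cause of the empty-POST bypass named in the advisory, since any syntactically valid response, including an empty one, advanced the flow; the replacement `return HttpChallengeResponse(self._get_challenge())` re-issues the challenge instead, which is correct, but the new comment "Completion happens via dispatch(), not here." refers to a method outside this hunk, so a regression test that POSTs an empty body to a bound Source stage and asserts the executor does not advance would pin the intended behaviour and keep a future refactor from reintroducing the unconditional `stage_ok()`.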
@@ -0,0 +1,27 @@
<!-- spellchecker:ignore GHSA-xp7f-xjjx-gwm8 -->
# GHSA-xp7f-xjjx-gwm8
## SourceStage bypass via empty POST
### Summary
The Source stage can be bypassed by sending an empty POST.
### Patches
authentik 2026.5.1, 2026.2.4, and 2025.12.6 fix this issue.
### Impact
If a Source stage is bound to a flow and the source exposes a ui_login_button and an attacker can reach the Source stage, they can bypass that stage, effectively skipping authentication at that source.
### Workarounds
None. We recommend not using Source stages until upgrading to a suitable version.
### For more information
If you have any questions or comments about this advisory:
- Email us at [security@goauthentik.io](mailto:security@goauthentik.io)
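Review bot: the Workarounds section contradicts itself by stating "None." and then giving one ("not using Source stages until upgrading"); wording it as a single instruction, for example "Unbind Source stages from your flows until you have upgraded to 2026.5.1, 2026.2.4 or 2025.12.6", would be clearer, and an explicit affected-versions line next to the fixed versions in Patches would make triage easier, since the Impact section already spells out the three preconditions (a Source stage bound to a flow, a source exposing a ui_login_button, and an attacker able to reach the stage) but not which releases are affected.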