Vulnerability Report: GO-2024-2744

GHSA-x883-2vmg-xwf7
Affects: github.com/authelia/authelia/v4
Published: Apr 26, 2024
Modified: May 20, 2024

If the file authentication backend is being used, the ewatch option is set to true, the refresh interval is configured to a non-disabled value, and an administrator changes a user's groups, then that user may be able to access resources that their previous groups had access to.

For detailed information about this vulnerability, visit https://github.com/authelia/authelia/security/advisories/GHSA-x883-2vmg-xwf7.

Affected Modules

Path

Go Versions
github.com/authelia/authelia/v4

from v4.37.0 before v4.38.0

Aliases

GHSA-x883-2vmg-xwf7

References

https://github.com/authelia/authelia/security/advisories/GHSA-x883-2vmg-xwf7
https://github.com/authelia/authelia/blob/v4.37.5/internal/handlers/handler_verify.go#L376-L394
https://vuln.go.dev/ID/GO-2024-2744.json

Feedback

See anything missing or incorrect? Suggest an edit to this report.

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL