Vulnerability DatabaseWS-2021-0161
Mend.io Vulnerability Database
The largest open source vulnerability database
What is a Vulnerability ID?
New vulnerability? Tell us about it!
WS-2021-0161
June 23, 2021
In authelia, versions v4.0.0 to v4.14.2 are vulnerable due to insufficient policy enforcement in CSP. Specific inline scripts are not ‘whitelisted’ (using a unique nonce). The absence of a nonce means that modern browsers will not ignore 'unsafe-inline' leading to unwanted execution of javascript on a web page.
Related Resources (1)
https://github.com/authelia/authelia/commit/b12d9d405fc83b68094ae9d6f22753eae4b8917e
Do you need more information?
Contact Us
CVSS v4
Base Score:
5.3
Attack Vector
NETWORK
Attack Complexity
LOW
Attack Requirements
NONE
Privileges Required
NONE
User Interaction
PASSIVE
Vulnerable System Confidentiality
LOW
Vulnerable System Integrity
LOW
Vulnerable System Availability
NONE
Subsequent System Confidentiality
LOW
Subsequent System Integrity
LOW
Subsequent System Availability
NONE
CVSS v3
Base Score:
6.1
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality
LOW
Integrity
LOW
Availability
NONE