
Date: June 23, 2021

Authelia versions v4.0.0 through v4.14.2 are vulnerable because of insufficient policy enforcement in the Content Security Policy (CSP) they send. The application's own inline scripts are not allow-listed with a per-response nonce (or hash); the script-src directive relies on 'unsafe-inline' instead. A modern browser ignores 'unsafe-inline' only when a nonce or hash source is also present in the same directive, so with no nonce the keyword stays in effect and any inline script, including one injected by an attacker, is executed on the page. The header is present but does not enforce the restriction it appears to.
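The following Go example is added here to illustrate the mechanism described above; it is not Authelia's code and the handler, template and policy strings are constructed for the example. It contrasts the weak policy shape ('unsafe-inline' with no nonce) with a per-response nonce policy, and includes a small checker that reports whether a given CSP header still lets arbitrary inline script run in a CSP2+ browser.

```go
package main

import (
	"crypto/rand"
	"encoding/base64"
	"fmt"
	"html/template"
	"net/http"
	"strings"
)

// weakCSP mirrors the policy shape the advisory describes: 'unsafe-inline'
// with no nonce or hash source, so every inline <script> (injected or not) runs.
const weakCSP = "default-src 'self'; script-src 'self' 'unsafe-inline'"

// hardenedCSP allow-lists inline scripts by per-response nonce. 'unsafe-inline'
// is kept only as a fallback for CSP1 browsers; any CSP2+ browser ignores it
// once a nonce or hash source is present in the same directive.
func hardenedCSP(nonce string) string {
	return fmt.Sprintf("default-src 'self'; script-src 'self' 'nonce-%s' 'unsafe-inline'", nonce)
}

// newNonce returns 128 bits from crypto/rand, base64url-encoded so the value
// contains no '+', '/' or '=' that html/template would escape in an attribute.
func newNonce() (string, error) {
	b := make([]byte, 16)
	if _, err := rand.Read(b); err != nil {
		return "", err
	}
	return base64.RawURLEncoding.EncodeToString(b), nil
}

// page is a constructed stand-in for an SPA shell: its one inline script
// carries the nonce attribute the policy requires.
var page = template.Must(template.New("page").Parse(
	`<!doctype html><html><body><div id="app"></div>` +
		`<script nonce="{{.Nonce}}">window.appReady = true;</script></body></html>`))

// hardenedHandler mints a fresh nonce for every response and places it both in
// the header and in the inline script. Nonces must never be reused or cached.
func hardenedHandler(w http.ResponseWriter, r *http.Request) {
	nonce, err := newNonce()
	if err != nil {
		http.Error(w, "nonce generation failed", http.StatusInternalServerError)
		return
	}
	w.Header().Set("Content-Security-Policy", hardenedCSP(nonce))
	w.Header().Set("Content-Type", "text/html; charset=utf-8")
	if err := page.Execute(w, struct{ Nonce string }{nonce}); err != nil {
		http.Error(w, "render failed", http.StatusInternalServerError)
	}
}

// scriptSources returns the source list that governs scripts: script-src if
// present, else default-src, else nil (no applicable policy at all).
func scriptSources(csp string) []string {
	var fallback []string
	for _, directive := range strings.Split(csp, ";") {
		fields := strings.Fields(directive)
		if len(fields) == 0 {
			continue
		}
		switch strings.ToLower(fields[0]) {
		case "script-src":
			return fields[1:]
		case "default-src":
			fallback = fields[1:]
		}
	}
	return fallback
}

// AllowsArbitraryInlineScript reports whether a policy lets any inline script
// run in a CSP2+ browser: 'unsafe-inline' is present and no nonce-/sha*- source
// neutralises it. A missing policy counts as permissive.
func AllowsArbitraryInlineScript(csp string) bool {
	sources := scriptSources(csp)
	if sources == nil {
		return true
	}
	unsafeInline, nonceOrHash := false, false
	for _, s := range sources {
		s = strings.ToLower(strings.Trim(s, "'"))
		switch {
		case s == "unsafe-inline":
			unsafeInline = true
		case strings.HasPrefix(s, "nonce-"), strings.HasPrefix(s, "sha256-"),
			strings.HasPrefix(s, "sha384-"), strings.HasPrefix(s, "sha512-"):
			nonceOrHash = true
		}
	}
	return unsafeInline && !nonceOrHash
}

// NonceFromCSP extracts the first 'nonce-...' value from a policy, or "".
func NonceFromCSP(csp string) string {
	for _, s := range scriptSources(csp) {
		if s = strings.Trim(s, "'"); strings.HasPrefix(s, "nonce-") {
			return strings.TrimPrefix(s, "nonce-")
		}
	}
	return ""
}

func main() {
	fmt.Println("weak policy allows injected inline script:", AllowsArbitraryInlineScript(weakCSP))
	fmt.Println("nonce policy allows injected inline script:", AllowsArbitraryInlineScript(hardenedCSP("demo")))
	http.HandleFunc("/", hardenedHandler)
	fmt.Println(http.ListenAndServe("127.0.0.1:8080", nil))
}
```

The checker is the quick audit a practitioner would run against a live response: fetch the page, feed the Content-Security-Policy header to AllowsArbitraryInlineScript, and confirm it reports false. The nonce in the header must match the nonce attribute on every legitimate inline script and must differ on every response; a static or cached nonce degrades back to the vulnerable state.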

Language: Go

Severity Score

Weakness Type (CWE)

Cross-Site Scripting (XSS)


Top Fix


Upgrade Version

Upgrade to version v4.15.0

CVSS v3.1

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Base Score: 6.1 (Medium; computed from the vector above)
Attack Vector (AV): NETWORK
Attack Complexity (AC): LOW
Privileges Required (PR): NONE
User Interaction (UI): REQUIRED
Scope (S): CHANGED
Confidentiality (C): LOW
Integrity (I): LOW
Availability (A): NONE
