7046944bf6
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
22 lines
676 B
Markdown
22 lines
676 B
Markdown
# CVE-2022-46145
|
|
|
|
_Reported by [@sdimovv](https://github.com/sdimovv)_
|
|
|
|
## Unauthorized user creation and potential account takeover
|
|
|
|
### Impact
|
|
|
|
With the default flows, unauthenticated users can create new accounts in authentik. If a flow exists that allows for email-verified password recovery, this can be used to overwrite the email address of admin accounts and take over their accounts
|
|
|
|
### Patches
|
|
|
|
authentik 2022.11.2 and 2022.10.2 fix this issue, for other versions the workaround can be used.
|
|
|
|
### Workarounds
|
|
|
|
A policy can be created and bound to the `default-user-settings-flow` flow with the following contents
|
|
|
|
```python
|
|
return request.user.is_authenticated
|
|
```
|