Authelia
cpe:2.3:a:authelia:authelia:*:*:*:*:*:*:*
- 4.39.15
A cross-site scripting vulnerability has been identified in Authelia version 4.39.15. The value of the 'language' cookie is not properly neutralized when the HTML template is rendered, so an attacker who controls that cookie can inject markup, and potentially JavaScript, into the Authelia login page. Successful exploitation requires two conditions to hold at the same time: the Content Security Policy must have been modified so that its default protection against inline script no longer applies, and a secondary application must be able to write cookies that the browser sends to the Authelia domain. Most Authelia installations are not affected, because the default Content Security Policy blocks the injected script and both conditions must be met.
Successful exploitation results in cross-site scripting: attacker-supplied JavaScript executes in the victim's browser within the Authelia origin and in the context of the user's session.
To reproduce this vulnerability, Authelia must be hosted alongside other applications that can write cookies for the Authelia domain, for example a sibling application on the same parent domain that sets a cookie with the Domain attribute set to that parent, which the browser then sends to the Authelia host as well. The Content Security Policy must be disabled or changed so that the directive governing scripts (script-src, or default-src in its absence) permits inline script, for example through 'unsafe-inline'. Once these conditions are met, an attacker can exploit a vulnerability in the secondary application to set the 'language' cookie to a payload, which Authelia then renders into the login page, leading to script execution there.
Users are advised to upgrade to Authelia version 4.39.16 or downgrade to version 4.39.14. If using a custom Content Security Policy, ensure that script-src (or default-src) does not include 'unsafe-inline' or otherwise permit inline script execution.
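The following Go program is an added example written for this page; it is not Authelia's code and does not reproduce the actual Authelia template or fix. It illustrates the bug class and both preconditions described above: a cookie value rendered into an HTML template without escaping, the domain-matching rule that lets a sibling application's cookie reach the Authelia host, and a simplified check for whether a Content-Security-Policy value would let injected inline script run. The template, the locale allowlist, the cookie payload and the CSP strings are all constructed for illustration.

```go
package main

import (
	"bytes"
	"fmt"
	htmltemplate "html/template"
	"net/http"
	"net/http/httptest"
	"strings"
	texttemplate "text/template"
)

// Constructed cookie value (not a real Authelia payload). It avoids '"', ';'
// and '\', which Go's cookie parser rejects, so it survives to the template.
const hostileLanguage = "<script>alert(1)</script>"

// Illustrative template, not Authelia's: the language lands in an attribute
// and in a text node, which is enough to show the escaping difference.
const pageTemplate = `<html lang="{{.Language}}"><body><span id="lang">{{.Language}}</span></body></html>`

// Hypothetical allowlist of locales the application actually ships.
var supportedLanguages = map[string]bool{"en": true, "de": true, "fr": true}

// languageFromCookieHeader reads the cookie the way a net/http handler would.
func languageFromCookieHeader(cookieHeader string) string {
	r := httptest.NewRequest(http.MethodGet, "/", nil)
	r.Header.Set("Cookie", cookieHeader)
	c, err := r.Cookie("language")
	if err != nil {
		return ""
	}
	return c.Value
}

// renderVulnerable shows the bug class: text/template does no HTML escaping,
// so whatever the cookie holds is written into the page verbatim.
func renderVulnerable(language string) string {
	tmpl := texttemplate.Must(texttemplate.New("page").Parse(pageTemplate))
	var buf bytes.Buffer
	if err := tmpl.Execute(&buf, map[string]string{"Language": language}); err != nil {
		return ""
	}
	return buf.String()
}

// renderEscaped is the output-side fix: html/template escapes according to the
// HTML context, so '<' becomes '&lt;' in both the attribute and the text node.
func renderEscaped(language string) string {
	tmpl := htmltemplate.Must(htmltemplate.New("page").Parse(pageTemplate))
	var buf bytes.Buffer
	if err := tmpl.Execute(&buf, map[string]string{"Language": language}); err != nil {
		return ""
	}
	return buf.String()
}

// validateLanguage is the input-side fix: anything not on the allowlist is
// replaced by the default locale before it reaches a template.
func validateLanguage(language string) string {
	if supportedLanguages[language] {
		return language
	}
	return "en"
}

// cookieReachesHost applies the RFC 6265 domain-match rule: a cookie set with
// Domain=example.com by app.example.com is also sent to auth.example.com.
func cookieReachesHost(host, cookieDomain string) bool {
	host, cookieDomain = strings.ToLower(host), strings.ToLower(cookieDomain)
	return host == cookieDomain || strings.HasSuffix(host, "."+cookieDomain)
}

// cspAllowsInlineScript is a simplified check for the precondition in the
// advisory: inline script runs when neither script-src nor default-src is
// present, or when the governing directive lists 'unsafe-inline'. It ignores
// nonces, hashes and 'strict-dynamic', which change the answer in CSP3 browsers.
func cspAllowsInlineScript(csp string) bool {
	var scriptSrc, defaultSrc string
	var haveScriptSrc, haveDefaultSrc bool
	for _, directive := range strings.Split(csp, ";") {
		fields := strings.Fields(directive)
		if len(fields) == 0 {
			continue
		}
		switch strings.ToLower(fields[0]) {
		case "script-src":
			scriptSrc, haveScriptSrc = strings.ToLower(strings.Join(fields[1:], " ")), true
		case "default-src":
			defaultSrc, haveDefaultSrc = strings.ToLower(strings.Join(fields[1:], " ")), true
		}
	}
	switch {
	case haveScriptSrc: // an empty script-src behaves like 'none'
		return strings.Contains(scriptSrc, "'unsafe-inline'")
	case haveDefaultSrc:
		return strings.Contains(defaultSrc, "'unsafe-inline'")
	}
	return true
}

func main() {
	lang := languageFromCookieHeader("language=" + hostileLanguage)
	fmt.Println("vulnerable:", renderVulnerable(lang))
	fmt.Println("escaped:   ", renderEscaped(lang))
	fmt.Println("validated: ", renderEscaped(validateLanguage(lang)))
	fmt.Println("app cookie reaches auth host:", cookieReachesHost("auth.example.com", "example.com"))
	fmt.Println("CSP permits inline script:", cspAllowsInlineScript("default-src 'self'; script-src 'self' 'unsafe-inline'"))
}
```

The two fixes are independent and worth applying together: the allowlist stops a hostile value at the door, and contextual escaping keeps the page safe even if the allowlist is later loosened to accept arbitrary BCP 47 tags. The CSP check is only a triage aid for the condition the advisory names; a policy that relies on nonces or hashes needs to be read by hand.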