| { |
| "schema_version": "1.3.1", |
| "id": "GO-2024-2744", |
| "modified": "0001-01-01T00:00:00Z", |
| "published": "0001-01-01T00:00:00Z", |
| "aliases": [ |
| "GHSA-x883-2vmg-xwf7" |
| ], |
| "summary": "Access control change may take longer than expected in github.com/authelia/authelia/v4", |
| "details": "If the file authentication backend is being used, the watch option is set to true, the refresh interval is configured to a non-disabled value, and an administrator changes a user's groups, then that user may still be able to access resources that their previous groups had access to.", |
| "affected": [ |
| { |
| "package": { |
| "name": "github.com/authelia/authelia/v4", |
| "ecosystem": "Go" |
| }, |
| "ranges": [ |
| { |
| "type": "SEMVER", |
| "events": [ |
| { |
| "introduced": "4.37.0" |
| }, |
| { |
| "fixed": "4.38.0" |
| } |
| ] |
| } |
| ], |
| "ecosystem_specific": {} |
| } |
| ], |
| "references": [ |
| { |
| "type": "ADVISORY", |
| "url": "https://github.com/authelia/authelia/security/advisories/GHSA-x883-2vmg-xwf7" |
| }, |
| { |
| "type": "WEB", |
| "url": "https://github.com/authelia/authelia/blob/v4.37.5/internal/handlers/handler_verify.go#L376-L394" |
| } |
| ], |
| "database_specific": { |
| "url": "https://pkg.go.dev/vuln/GO-2024-2744" |
| } |
| } |