Description
A vulnerability was found in Alteryx Server. It affects some unknown functionality of the file /gallery/api/status/. Manipulation results in improper authentication. The attack can be carried out remotely. The exploit has been made public and could be used. Upgrading to versions 2023.1.1.13.486, 2023.2.1.10.293, 2024.1.1.9.236, 2024.2.1.6.125 and 2025.1.1.1.31 resolves this issue. Upgrading the affected component is recommended.
Problem types
Product status
2021.4.2.47895
2022.1.1.30961
2022.1.1.42707
2023.1.1.123
2023.1.1.306
2023.2.1.51
2024.1.1.49
2024.1.1.136
2024.1.1.209
2024.2.1.14
2024.2.1.41
2024.2.1.73
2024.2.1.94
2023.1.1.13.486
2023.2.1.10.293
2024.1.1.9.236
2024.2.1.6.125
2025.1.1.1.31
Timeline
2025-12-25: Advisory disclosed
2025-12-25: VulDB entry created
2025-12-25: VulDB entry last update
Credits
Diyan Apostolov (ICT Strypes)
fosi (VulDB User)
References
vuldb.com/?id.338428 (VDB-338428 | Alteryx Server status improper authentication)
vuldb.com/?ctiid.338428 (VDB-338428 | CTI Indicators (IOB, IOC, IOA))
vuldb.com/?submit.710169 (Submit #710169 | Alteryx Alteryx Server 2020/2021/2022/2023/2024/2025 Authentication Bypass Issues)
ict-strypes.eu/...ploads/2025/12/Alteryx-Second-Research.pdf
gist.github.com/apostolovd/f84631eed2f0c0e83e2e174b1480f08c
help.alteryx.com/...e-notes/server-2025-1-release-notes.html
Data based on CVE®. Copyright © 1999-2025, The MITRE Corporation. All rights reserved.