Caddy Security
CVE-2024-21498
MEDIUM
Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Primary rating from Vendor (snyk) · only source for this CVE.
CVSS VectorVendor: snyk
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Lifecycle Timeline
1DescriptionCVE.org
All versions of the package github.com/greenpau/caddy-security are vulnerable to Server-side Request Forgery (SSRF) via X-Forwarded-Host header manipulation. An attacker can expose sensitive information, interact with internal services, or exploit other vulnerabilities within the network by exploiting this vulnerability.
AnalysisAI
All versions of the package github.com/greenpau/caddy-security are vulnerable to Server-side Request Forgery (SSRF) via X-Forwarded-Host header manipulation. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Technical ContextAI
This vulnerability is classified as Server-Side Request Forgery (SSRF) (CWE-918), which allows attackers to make the server perform requests to unintended internal or external resources. All versions of the package github.com/greenpau/caddy-security are vulnerable to Server-side Request Forgery (SSRF) via X-Forwarded-Host header manipulation. An attacker can expose sensitive information, interact with internal services, or exploit other vulnerabilities within the network by exploiting this vulnerability. Affected products include: Authcrunch Caddy-Security.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Validate and allowlist destination URLs, block requests to internal networks, use network segmentation.
More in Caddy Security
View allAll versions of the package github.com/greenpau/caddy-security are vulnerable to Insufficient Session Expiration due to
All versions of the package github.com/greenpau/caddy-security are vulnerable to Improper Restriction of Excessive Authe
All versions of the package github.com/greenpau/caddy-security are vulnerable to Cross-site Scripting (XSS) via the Refe
Versions of the package github.com/greenpau/caddy-security before 1.0.42 are vulnerable to Insecure Randomness due to us
Versions of the package github.com/greenpau/caddy-security are vulnerable to Open Redirect via the redirect_url paramete
All versions of the package github.com/greenpau/caddy-security are vulnerable to Authentication Bypass by Spoofing via t
All versions of the package github.com/greenpau/caddy-security are vulnerable to Improper Validation of Array Index when
All versions of the package github.com/greenpau/caddy-security are vulnerable to HTTP Header Injection via the X-Forward
Same weakness CWE-918 – Server-Side Request Forgery (SSRF)
View allShare
External POC / Exploit Code
Leaving vuln.today