Skip to main content

Caddy Security

9 CVEs product

Monthly

CVE-2024-21500 Go MEDIUM POC This Month

All versions of the package github.com/greenpau/caddy-security are vulnerable to Improper Restriction of Excessive Authentication Attempts via the two-factor authentication (2FA). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Caddy Security
NVD GitHub
CVSS 3.1
6.5
EPSS
0.5%
CVE-2024-21499 Go MEDIUM This Month

All versions of the package github.com/greenpau/caddy-security are vulnerable to HTTP Header Injection via the X-Forwarded-Proto header due to redirecting to the injected protocol.Exploiting this. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Caddy Security
NVD GitHub
CVSS 3.1
4.3
EPSS
0.5%
CVE-2024-21498 Go MEDIUM POC This Month

All versions of the package github.com/greenpau/caddy-security are vulnerable to Server-side Request Forgery (SSRF) via X-Forwarded-Host header manipulation. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Caddy Security
NVD GitHub
CVSS 3.1
5.3
EPSS
0.6%
CVE-2024-21497 Go MEDIUM This Month

Versions of the package github.com/greenpau/caddy-security are vulnerable to Open Redirect via the redirect_url parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Caddy Security
NVD GitHub
CVSS 3.1
6.1
EPSS
0.5%
CVE-2024-21496 Go MEDIUM POC This Month

All versions of the package github.com/greenpau/caddy-security are vulnerable to Cross-site Scripting (XSS) via the Referer header, due to improper input sanitization. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Caddy Security
NVD GitHub
CVSS 3.1
6.1
EPSS
0.6%
CVE-2024-21495 Go CRITICAL PATCH Act Now

Versions of the package github.com/greenpau/caddy-security before 1.0.42 are vulnerable to Insecure Randomness due to using an insecure random number generation library which could possibly be. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Caddy Security
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2024-21494 Go MEDIUM This Month

All versions of the package github.com/greenpau/caddy-security are vulnerable to Authentication Bypass by Spoofing via the X-Forwarded-For header due to improper input sanitization. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Caddy Security
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2024-21493 Go MEDIUM This Month

All versions of the package github.com/greenpau/caddy-security are vulnerable to Improper Validation of Array Index when parsing a Caddyfile. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Caddy Security
NVD GitHub
CVSS 3.1
5.3
EPSS
0.7%
CVE-2024-21492 Go HIGH POC This Week

All versions of the package github.com/greenpau/caddy-security are vulnerable to Insufficient Session Expiration due to improper user session invalidation upon clicking the "Sign Out" button. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Authentication Bypass Google Caddy Security
NVD GitHub
CVSS 3.1
8.1
EPSS
0.7%
EPSS 1% CVSS 6.5
MEDIUM POC This Month

All versions of the package github.com/greenpau/caddy-security are vulnerable to Improper Restriction of Excessive Authentication Attempts via the two-factor authentication (2FA). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Caddy Security
NVD GitHub
EPSS 0% CVSS 4.3
MEDIUM This Month

All versions of the package github.com/greenpau/caddy-security are vulnerable to HTTP Header Injection via the X-Forwarded-Proto header due to redirecting to the injected protocol.Exploiting this. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Caddy Security
NVD GitHub
EPSS 1% CVSS 5.3
MEDIUM POC This Month

All versions of the package github.com/greenpau/caddy-security are vulnerable to Server-side Request Forgery (SSRF) via X-Forwarded-Host header manipulation. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Caddy Security
NVD GitHub
EPSS 1% CVSS 6.1
MEDIUM This Month

Versions of the package github.com/greenpau/caddy-security are vulnerable to Open Redirect via the redirect_url parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Caddy Security
NVD GitHub
EPSS 1% CVSS 6.1
MEDIUM POC This Month

All versions of the package github.com/greenpau/caddy-security are vulnerable to Cross-site Scripting (XSS) via the Referer header, due to improper input sanitization. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Caddy Security
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL PATCH Act Now

Versions of the package github.com/greenpau/caddy-security before 1.0.42 are vulnerable to Insecure Randomness due to using an insecure random number generation library which could possibly be. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Caddy Security
NVD GitHub
EPSS 1% CVSS 5.4
MEDIUM This Month

All versions of the package github.com/greenpau/caddy-security are vulnerable to Authentication Bypass by Spoofing via the X-Forwarded-For header due to improper input sanitization. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Caddy Security
NVD GitHub
EPSS 1% CVSS 5.3
MEDIUM This Month

All versions of the package github.com/greenpau/caddy-security are vulnerable to Improper Validation of Array Index when parsing a Caddyfile. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Caddy Security
NVD GitHub
EPSS 1% CVSS 8.1
HIGH POC This Week

All versions of the package github.com/greenpau/caddy-security are vulnerable to Insufficient Session Expiration due to improper user session invalidation upon clicking the "Sign Out" button. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Authentication Bypass Google Caddy Security
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy