10 matches found
Arbitrary File Write And Deletion
github.com/go-acme/lego is vulnerable to arbitrary file write and deletion. The vulnerability is due to improper validation of the HTTP-01 challenge token in the webroot challenge provider, which allows a malicious ACME server to supply crafted ../ path traversal sequences and write or delete fil...
ACME Lego: Arbitrary File Write via Path Traversal in Webroot HTTP-01 Provider
Summary The webroot HTTP-01 challenge provider in lego is vulnerable to arbitrary file write and deletion via path traversal. A malicious ACME server can supply a crafted challenge token containing ../ sequences, causing lego to write attacker-influenced content to any path writable by the lego...
Fedora: Security Advisory (FEDORA-2025-30bf3a7b1a)
The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Cleartext Transmission Of Sensitive Information
github.com/go-acme/lego is vulnerable to Cleartext Transmission of Sensitive Information. The vulnerability is due to the library not enforcing HTTPS when communicating with Certificate Authorities CAs, which allows attackers to intercept ACME protocol operations and access sensitive details like...
GO-2025-3847 Github.com/go-acme/lego/v4/acme/api does not enforce HTTPS in github.com/go-acme/lego
Github.com/go-acme/lego/v4/acme/api does not enforce HTTPS in github.com/go-acme/lego...
Fedora 43 : golang-github-acme-lego (2025-30bf3a7b1a)
The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-30bf3a7b1a advisory. Automatic update for golang-github-acme-lego-4.23.1-1.fc43. Changelog Mon Jul 7 2025 Mikel Olasagasti Uranga - 4.23.1-1 - Update to 4.23.1 and adopt Go Vendo...
Fedora 41 : golang-github-acme-lego (2024-f6f91d983c)
The remote Fedora 41 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-f6f91d983c advisory. Automatic update for golang-github-acme-lego-4.17.4-4.fc41. Changelog Mon Jul 29 2024 Mikel Olasagasti Uranga - 4.17.4-4 - Update to 4.17.4 - Closes...
Fedora: Security Advisory for golang-github-acme-lego (FEDORA-2022-5ef0bd9a27)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora: Security Advisory for golang-github-acme-lego (FEDORA-2022-fae3ecee19)
The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Fedora: Security Advisory for golang-github-acme-lego (FEDORA-2022-08ae2dd481)
The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...