Lucene search
K

10 matches found

Veracode
Veracode
added 2026/05/16 5:32 a.m.6 views

Arbitrary File Write And Deletion

github.com/go-acme/lego is vulnerable to arbitrary file write and deletion. The vulnerability is due to improper validation of the HTTP-01 challenge token in the webroot challenge provider, which allows a malicious ACME server to supply crafted ../ path traversal sequences and write or delete fil...

8.8CVSS6.1AI score0.0034EPSS
Exploits0References7Affected Software3
Github Security Blog
Github Security Blog
added 2026/04/16 9:28 p.m.9 views

ACME Lego: Arbitrary File Write via Path Traversal in Webroot HTTP-01 Provider

Summary The webroot HTTP-01 challenge provider in lego is vulnerable to arbitrary file write and deletion via path traversal. A malicious ACME server can supply a crafted challenge token containing ../ sequences, causing lego to write attacker-influenced content to any path writable by the lego...

8.8CVSS6.5AI score0.0034EPSS
Exploits0References3Affected Software3
OpenVAS
OpenVAS
added 2025/10/28 12:0 a.m.2 views

Fedora: Security Advisory (FEDORA-2025-30bf3a7b1a)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6.8AI score
Exploits0References6
Veracode
Veracode
added 2025/08/26 9:20 a.m.4 views

Cleartext Transmission Of Sensitive Information

github.com/go-acme/lego is vulnerable to Cleartext Transmission of Sensitive Information. The vulnerability is due to the library not enforcing HTTPS when communicating with Certificate Authorities CAs, which allows attackers to intercept ACME protocol operations and access sensitive details like...

6CVSS5.8AI score0.00214EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2025/08/11 5:25 p.m.7 views

GO-2025-3847 Github.com/go-acme/lego/v4/acme/api does not enforce HTTPS in github.com/go-acme/lego

Github.com/go-acme/lego/v4/acme/api does not enforce HTTPS in github.com/go-acme/lego...

6CVSS7.1AI score0.00214EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/07/07 12:0 a.m.4 views

Fedora 43 : golang-github-acme-lego (2025-30bf3a7b1a)

The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-30bf3a7b1a advisory. Automatic update for golang-github-acme-lego-4.23.1-1.fc43. Changelog Mon Jul 7 2025 Mikel Olasagasti Uranga - 4.23.1-1 - Update to 4.23.1 and adopt Go Vendo...

5.6AI score
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2024/11/14 12:0 a.m.14 views

Fedora 41 : golang-github-acme-lego (2024-f6f91d983c)

The remote Fedora 41 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-f6f91d983c advisory. Automatic update for golang-github-acme-lego-4.17.4-4.fc41. Changelog Mon Jul 29 2024 Mikel Olasagasti Uranga - 4.17.4-4 - Update to 4.17.4 - Closes...

6CVSS7.1AI score0.01956EPSS
Exploits0References3
OpenVAS
OpenVAS
added 2022/07/31 12:0 a.m.11 views

Fedora: Security Advisory for golang-github-acme-lego (FEDORA-2022-5ef0bd9a27)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5AI score
Exploits0References2
OpenVAS
OpenVAS
added 2022/07/06 12:0 a.m.16 views

Fedora: Security Advisory for golang-github-acme-lego (FEDORA-2022-fae3ecee19)

The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

9.3CVSS8.9AI score0.05994EPSS
Exploits4References2
OpenVAS
OpenVAS
added 2022/05/08 12:0 a.m.16 views

Fedora: Security Advisory for golang-github-acme-lego (FEDORA-2022-08ae2dd481)

The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

7.5CVSS10AI score0.03931EPSS
Exploits0References2
Rows per page
Query Builder