3 matches found
CVE-2020-13485
The Knock Knock plugin before 1.2.8 for Craft CMS allows IP Whitelist bypass via an X-Forwarded-For HTTP header...
CVE-2020-13485
The Knock Knock plugin before 1.2.8 for Craft CMS allows IP Whitelist bypass via an X-Forwarded-For HTTP header...
CVE-2020-13485
The Knock Knock plugin for Craft CMS is affected up to version 1.2.7 (pre-1.2.8). The root cause is a flawed IP whitelisting mechanism that trusts the X-Forwarded-For header, allowing an attacker to bypass IP-based access controls. Impact: potential unauthorized access due to bypassed whitelist; ...