Lucene search
+L
AuthcrunchCaddy-security

5 matches found

CVE
CVE
added 2024/02/12 12:0 a.m.84 views

CVE-2023-52430

The CVE-2023-52430 entry concerns the caddy-security plugin for Caddy (version 1.1.20). A reflected Cross-Site Scripting (XSS) vulnerability exists in GET requests where the URL payload begins with /admin or /settings/mfa/delete/. Root cause: insufficient input sanitization in handling those endp...

6.1CVSS5.7AI score0.00373EPSS
CVE
CVE
added 2024/02/17 5:0 a.m.82 views

CVE-2024-21492

CVE-2024-21492 affects github.com/greenpau/caddy-security. All versions are reported vulnerable to Insufficient Session Expiration due to improper user session invalidation after Sign Out, allowing sessions to remain active after requests to /logout and /oauth2/google/logout and enabling actions ...

8.1CVSS5.2AI score0.00711EPSS
CVE
CVE
added 2024/02/17 5:0 a.m.76 views

CVE-2024-21498

CVE-2024-21498 : SSRF in the Go package github.com/greenpau/caddy-security across all versions, caused by manipulation of the X-Forwarded-Host header. Impact: attacker may access sensitive data or reach internal services. Remediation status: no concrete fix version is identified in the provided d...

5.3CVSS5.5AI score0.00554EPSS
CVE
CVE
added 2024/02/17 5:0 a.m.72 views

CVE-2024-21496

CVE-2024-21496 affects all versions of the Go package github.com/greenpau/caddy-security. The vulnerability is a Cross-site Scripting (XSS) flaw via the Referer header caused by incomplete input sanitization. While some characters (e.g., &, , ", ') are escaped, the check does not cover attacks us...

6.1CVSS5.9AI score0.00576EPSS
CVE
CVE
added 2024/02/17 5:0 a.m.72 views

CVE-2024-21500

The CVE-2024-21500 entry concerns the GitHub package github.com/greenpau/caddy-security, with reports across multiple sources (Red Hat, OSV, GHSA, PT-Security, etc.) that all versions are vulnerable to Improper Restriction of Excessive Authentication Attempts via 2FA. The core issue is a bypass o...

6.5CVSS5.3AI score0.00535EPSS