CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
AI Score
Confidence
High
EPSS
Percentile
15.5%
github.com/greenpau/caddy-security is vulnerable to Authentication Bypass via Spoofing the X-Forwarded-For header. The vulnerability is due to improper input validation. An attacker can spoof an IP address used in the user identity module. This could lead to unauthorized access if the system trusts this spoofed IP address.